annotation_security 1.0.2 → 1.3.1
- data/CHANGELOG +22 -0
- data/HOW-TO +261 -0
- data/{LICENSE → MIT-LICENSE} +1 -1
- data/README +39 -0
- data/Rakefile +53 -62
- data/assets/app/helpers/annotation_security_helper.rb +8 -8
- data/assets/config/initializers/annotation_security.rb +11 -11
- data/assets/config/security/relations.rb +20 -20
- data/assets/vendor/plugins/annotation_security/init.rb +14 -14
- data/bin/annotation_security +7 -7
- data/lib/annotation_security.rb +94 -103
- data/lib/annotation_security/exceptions.rb +124 -124
- data/lib/annotation_security/exec.rb +188 -188
- data/lib/annotation_security/includes/helper.rb +215 -215
- data/lib/annotation_security/includes/resource.rb +84 -84
- data/lib/annotation_security/includes/role.rb +30 -30
- data/lib/annotation_security/includes/user.rb +26 -26
- data/lib/annotation_security/manager/policy_factory.rb +29 -29
- data/lib/annotation_security/manager/policy_manager.rb +87 -79
- data/lib/annotation_security/manager/relation_loader.rb +272 -272
- data/lib/annotation_security/manager/resource_manager.rb +36 -36
- data/lib/annotation_security/manager/right_loader.rb +87 -87
- data/lib/annotation_security/policy/abstract_policy.rb +344 -344
- data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
- data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
- data/lib/annotation_security/policy/rule.rb +340 -340
- data/lib/annotation_security/policy/rule_set.rb +138 -138
- data/lib/annotation_security/rails.rb +22 -39
- data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
- data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
- data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
- data/lib/annotation_security/rails/2/initializer.rb +35 -0
- data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
- data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
- data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
- data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
- data/lib/annotation_security/rails/3/initializer.rb +40 -0
- data/lib/annotation_security/rails/3/model_observer.rb +61 -0
- data/lib/annotation_security/rails/extensions.rb +21 -0
- data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
- data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
- data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
- data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
- data/lib/annotation_security/user_wrapper.rb +73 -73
- data/lib/annotation_security/utils.rb +141 -141
- data/lib/security_context.rb +588 -589
- data/spec/annotation_security/exceptions_spec.rb +16 -16
- data/spec/annotation_security/includes/helper_spec.rb +82 -82
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
- data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
- data/spec/annotation_security/policy/rule_spec.rb +77 -77
- data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
- data/spec/annotation_security/security_context_spec.rb +129 -78
- data/spec/annotation_security/utils_spec.rb +73 -73
- data/spec/helper/test_controller.rb +65 -65
- data/spec/helper/test_helper.rb +5 -5
- data/spec/helper/test_relations.rb +6 -6
- data/spec/helper/test_resource.rb +38 -38
- data/spec/helper/test_role.rb +21 -21
- data/spec/helper/test_user.rb +31 -31
- data/spec/rails_stub.rb +44 -37
- metadata +110 -96
- data/CHANGELOG.md +0 -14
- data/HOW-TO.md +0 -275
- data/README.md +0 -39
- data/lib/annotation_security/version.rb +0 -10
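--- a/data/spec/annotation_security/utils_spec.rb
+++ b/data/spec/annotation_security/utils_spec.rb
@@ -1,74 +1,74 @@
-require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
-
-describe AnnotationSecurity::Utils do
-
-it 'should remove prefixes of the method body' do
-%w{may_rule is_rule can_rule has_rule}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should remove suffixes of the method body' do
-%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql('rule')
-end
-end
-
-it 'should return nil if the method body is clean' do
-AnnotationSecurity::Utils.method_body('rule').should be_nil
-end
-
-it 'should ignore prefixes and suffixes without underscore in method body' do
-%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
-AnnotationSecurity::Utils.method_body(method).should eql(nil)
-end
-end
-
-it 'should remove only prefix or suffix from the method body at a time' do
-AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
-AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
-AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
-end
-
-it 'should parse descriptions without bindings correctly' do
-['show a resource', 'show with some text ignored a resource',
-'show pluralized resources', '(ignoring comments) show a resource',
-'show a resource (with comment at the end)'].each do |s|
-AnnotationSecurity::Utils.parse_description(s).
-should == {:action => :show, :resource => :resource}
-end
-end
-
-it 'should detect bindings of a description' do
-{
-'show the resource in @res' =>
-{:action => :show,:resource => :resource, :source => '@res'},
-'show the resource from :id' =>
-{:action => :show,:resource => :resource, :source => :id},
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_description(key,true).should == value
-end
-end
-
-it 'should raise an error if an unexpected binding is detected in a description' do
-lambda {
-AnnotationSecurity::Utils.parse_description('show the resource :id')
-}.should raise_error(StandardError)
-end
-
-it 'should parse policy arguments like specified in SecurityContext.allowed?' do
-obj = Object.new
-def obj.__is_resource?; true; end
-def obj.resource_type; :o_resource; end
-{
-[:show, :resource, obj] => [:show, :resource, obj],
-[:show, obj] => [:show, :o_resource, obj],
-['show resource', obj] => [:show, :resource, obj],
-[:show, :resource] => [:show, :resource],
-[:administrate] => [:administrate, :all_resources]
-}.each_pair do |key, value|
-AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
-end
-end
-
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe AnnotationSecurity::Utils do
+
+it 'should remove prefixes of the method body' do
+%w{may_rule is_rule can_rule has_rule}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should remove suffixes of the method body' do
+%w{rule_for rule_of rule_in rule_to rule?}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql('rule')
+end
+end
+
+it 'should return nil if the method body is clean' do
+AnnotationSecurity::Utils.method_body('rule').should be_nil
+end
+
+it 'should ignore prefixes and suffixes without underscore in method body' do
+%w{mayrule isrule rulefor ruleof canrulein hasruleto}.each do |method|
+AnnotationSecurity::Utils.method_body(method).should eql(nil)
+end
+end
+
+it 'should remove only prefix or suffix from the method body at a time' do
+AnnotationSecurity::Utils.method_body('may_is_rule').should eql('is_rule')
+AnnotationSecurity::Utils.method_body('rule_of_for').should eql('rule_of')
+AnnotationSecurity::Utils.method_body('can_has_rule_to?').should eql('has_rule_to')
+end
+
+it 'should parse descriptions without bindings correctly' do
+['show a resource', 'show with some text ignored a resource',
+'show pluralized resources', '(ignoring comments) show a resource',
+'show a resource (with comment at the end)'].each do |s|
+AnnotationSecurity::Utils.parse_description(s).
+should == {:action => :show, :resource => :resource}
+end
+end
+
+it 'should detect bindings of a description' do
+{
+'show the resource in @res' =>
+{:action => :show,:resource => :resource, :source => '@res'},
+'show the resource from :id' =>
+{:action => :show,:resource => :resource, :source => :id},
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_description(key,true).should == value
+end
+end
+
+it 'should raise an error if an unexpected binding is detected in a description' do
+lambda {
+AnnotationSecurity::Utils.parse_description('show the resource :id')
+}.should raise_error(StandardError)
+end
+
+it 'should parse policy arguments like specified in SecurityContext.allowed?' do
+obj = Object.new
+def obj.__is_resource?; true; end
+def obj.resource_type; :o_resource; end
+{
+[:show, :resource, obj] => [:show, :resource, obj],
+[:show, obj] => [:show, :o_resource, obj],
+['show resource', obj] => [:show, :resource, obj],
+[:show, :resource] => [:show, :resource],
+[:administrate] => [:administrate, :all_resources]
+}.each_pair do |key, value|
+AnnotationSecurity::Utils.parse_policy_arguments(key).should == value
+end
+end
+
 end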
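--- a/data/spec/helper/test_controller.rb
+++ b/data/spec/helper/test_controller.rb
@@ -1,66 +1,66 @@
-class TestController < ActionController::Base
-
-describe :show, 'shows a test_resource'
-describe :edit, 'edit some test_resources'
-describe :show_edit, 'shows a test_resource', 'edits a test_resource'
-describe :edit_with_render, 'edits the test_resource in @resource'
-describe :delete, 'delete test_resource by :id'
-describe :list, 'list all test_resources in @list'
-
-
-def test_init(action, params)
-@action = action
-@params = params
-end
-
-def action_name
-@action
-end
-
-def params
-@params
-end
-
-def show
-@resource = TestResource.find params[:id]
-end
-
-def edit
-@resource = TestResource.find params[:id]
-end
-
-def show_edit
-@resource = TestResource.find params[:id]
-end
-
-def edit_with_render
-@resource = TestResource.find params[:id1]
-render 'view'
-@resource = TestResource.find params[:id2]
-end
-
-def delete
-self.class.enter_delete
-@resource = TestResource.find params[:id]
-end
-
-def list
-r1 = TestResource.find params[:id1]
-r2 = TestResource.find params[:id2]
-@list = [r1, r2]
-end
-
-def render(*args)
-super(*args)
-self.class.exit_render
-end
-
-# callbacks used for mocking
-
-def self.enter_delete
-end
-
-def self.exit_render
-end
-
+class TestController < ActionController::Base
+
+describe :show, 'shows a test_resource'
+describe :edit, 'edit some test_resources'
+describe :show_edit, 'shows a test_resource', 'edits a test_resource'
+describe :edit_with_render, 'edits the test_resource in @resource'
+describe :delete, 'delete test_resource by :id'
+describe :list, 'list all test_resources in @list'
+
+
+def test_init(action, params)
+@action = action
+@params = params
+end
+
+def action_name
+@action
+end
+
+def params
+@params
+end
+
+def show
+@resource = TestResource.find params[:id]
+end
+
+def edit
+@resource = TestResource.find params[:id]
+end
+
+def show_edit
+@resource = TestResource.find params[:id]
+end
+
+def edit_with_render
+@resource = TestResource.find params[:id1]
+render 'view'
+@resource = TestResource.find params[:id2]
+end
+
+def delete
+self.class.enter_delete
+@resource = TestResource.find params[:id]
+end
+
+def list
+r1 = TestResource.find params[:id1]
+r2 = TestResource.find params[:id2]
+@list = [r1, r2]
+end
+
+def render(*args)
+super(*args)
+self.class.exit_render
+end
+
+# callbacks used for mocking
+
+def self.enter_delete
+end
+
+def self.exit_render
+end
+
 end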
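--- a/data/spec/helper/test_helper.rb
+++ b/data/spec/helper/test_helper.rb
@@ -1,5 +1,5 @@
-class TestHelper
-
-include AnnotationSecurity::Helper
-
-end
+class TestHelper
+
+include AnnotationSecurity::Helper
+
+end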
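--- a/data/spec/helper/test_relations.rb
+++ b/data/spec/helper/test_relations.rb
@@ -1,7 +1,7 @@
-AnnotationSecurity.define_relations(:test_resource) do
-
-owner do |user, res|
-user.name == res.name
-end
-
+AnnotationSecurity.define_relations(:test_resource) do
+
+owner do |user, res|
+user.name == res.name
+end
+
 end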
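--- a/data/spec/helper/test_resource.rb
+++ b/data/spec/helper/test_resource.rb
@@ -1,39 +1,39 @@
-class TestResource
-
-include AnnotationSecurity::Resource
-
-self.resource_type = :test_resource
-
-def self.find(arg)
-obj = new arg
-
-# normally, this is done by a model observer
-SecurityContext.observe obj
-
-obj
-end
-
-def self.get_resource(arg)
-return nil if arg.nil?
-return arg if arg.is_a? self
-new arg
-end
-
-def initialize(name = "")
-@name = name
-end
-
-def name
-@name
-end
-
-def ==(other)
-return false unless other.is_a? self.class
-name == other.name
-end
-
-def to_s
-"<TestResource:#{name}>"
-end
-
+class TestResource
+
+include AnnotationSecurity::Resource
+
+self.resource_type = :test_resource
+
+def self.find(arg)
+obj = new arg
+
+# normally, this is done by a model observer
+SecurityContext.observe obj
+
+obj
+end
+
+def self.get_resource(arg)
+return nil if arg.nil?
+return arg if arg.is_a? self
+new arg
+end
+
+def initialize(name = "")
+@name = name
+end
+
+def name
+@name
+end
+
+def ==(other)
+return false unless other.is_a? self.class
+name == other.name
+end
+
+def to_s
+"<TestResource:#{name}>"
+end
+
 end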
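--- a/data/spec/helper/test_role.rb
+++ b/data/spec/helper/test_role.rb
@@ -1,22 +1,22 @@
-class TestRole
-
-include AnnotationSecurity::Role
-
-def initialize(name,user)
-@name = name
-@user = user
-end
-
-def role_name
-@name
-end
-
-def name
-role_name
-end
-
-def user
-@user
-end
-
+class TestRole
+
+include AnnotationSecurity::Role
+
+def initialize(name,user)
+@name = name
+@user = user
+end
+
+def role_name
+@name
+end
+
+def name
+role_name
+end
+
+def user
+@user
+end
+
 end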
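--- a/data/spec/helper/test_user.rb
+++ b/data/spec/helper/test_user.rb
@@ -1,32 +1,32 @@
-class TestUser
-
-include AnnotationSecurity::User
-
-def initialize(name='user_name')
-@name = name
-@one_role = TestRole.new(:one,self)
-@many_roles = [
-TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
-end
-
-def user_name
-@name
-end
-
-def name
-user_name
-end
-
-def as_one_role
-@one_role
-end
-
-def as_many_roles
-@many_roles
-end
-
-def to_s
-"<TestUser:#{name}>"
-end
-
+class TestUser
+
+include AnnotationSecurity::User
+
+def initialize(name='user_name')
+@name = name
+@one_role = TestRole.new(:one,self)
+@many_roles = [
+TestRole.new(:a,self), TestRole.new(:b,self), TestRole.new(:c,self)]
+end
+
+def user_name
+@name
+end
+
+def name
+user_name
+end
+
+def as_one_role
+@one_role
+end
+
+def as_many_roles
+@many_roles
+end
+
+def to_s
+"<TestUser:#{name}>"
+end
+
 end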