annotation_security 1.0.2 → 1.3.1

Files changed (70)
  1. data/CHANGELOG +22 -0
  2. data/HOW-TO +261 -0
  3. data/{LICENSE → MIT-LICENSE} +1 -1
  4. data/README +39 -0
  5. data/Rakefile +53 -62
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +14 -14
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security.rb +94 -103
  12. data/lib/annotation_security/exceptions.rb +124 -124
  13. data/lib/annotation_security/exec.rb +188 -188
  14. data/lib/annotation_security/includes/helper.rb +215 -215
  15. data/lib/annotation_security/includes/resource.rb +84 -84
  16. data/lib/annotation_security/includes/role.rb +30 -30
  17. data/lib/annotation_security/includes/user.rb +26 -26
  18. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  19. data/lib/annotation_security/manager/policy_manager.rb +87 -79
  20. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  21. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  22. data/lib/annotation_security/manager/right_loader.rb +87 -87
  23. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  24. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  25. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  26. data/lib/annotation_security/policy/rule.rb +340 -340
  27. data/lib/annotation_security/policy/rule_set.rb +138 -138
  28. data/lib/annotation_security/rails.rb +22 -39
  29. data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
  30. data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
  31. data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
  32. data/lib/annotation_security/rails/2/initializer.rb +35 -0
  33. data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
  34. data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
  35. data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
  36. data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
  37. data/lib/annotation_security/rails/3/initializer.rb +40 -0
  38. data/lib/annotation_security/rails/3/model_observer.rb +61 -0
  39. data/lib/annotation_security/rails/extensions.rb +21 -0
  40. data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
  41. data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
  42. data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
  43. data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
  44. data/lib/annotation_security/user_wrapper.rb +73 -73
  45. data/lib/annotation_security/utils.rb +141 -141
  46. data/lib/security_context.rb +588 -589
  47. data/spec/annotation_security/exceptions_spec.rb +16 -16
  48. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  49. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  50. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  51. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  52. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  53. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  54. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  55. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  56. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  57. data/spec/annotation_security/security_context_spec.rb +129 -78
  58. data/spec/annotation_security/utils_spec.rb +73 -73
  59. data/spec/helper/test_controller.rb +65 -65
  60. data/spec/helper/test_helper.rb +5 -5
  61. data/spec/helper/test_relations.rb +6 -6
  62. data/spec/helper/test_resource.rb +38 -38
  63. data/spec/helper/test_role.rb +21 -21
  64. data/spec/helper/test_user.rb +31 -31
  65. data/spec/rails_stub.rb +44 -37
  66. metadata +110 -96
  67. data/CHANGELOG.md +0 -14
  68. data/HOW-TO.md +0 -275
  69. data/README.md +0 -39
  70. data/lib/annotation_security/version.rb +0 -10
@@ -1,9 +1,9 @@
1
- #
2
- # = app/helpers/annotation_security_helper.rb
3
- #
4
- # This helper provides some useful view methods to be used in conjunction with
5
- # the plugin. See AnnotationSecurity::Helper for documentation.
6
- #
7
- module AnnotationSecurityHelper
8
- include AnnotationSecurity::Helper
1
+ #
2
+ # = app/helpers/annotation_security_helper.rb
3
+ #
4
+ # This helper provides some useful view methods to be used in conjunction with
5
+ # the plugin. See AnnotationSecurity::Helper for documentation.
6
+ #
7
+ module AnnotationSecurityHelper
8
+ include AnnotationSecurity::Helper
9
9
  end
@@ -1,12 +1,12 @@
1
- #
2
- # = config/initializers/annotation_security.rb
3
- #
4
- # Sets up files under <tt>config/security</tt> which hold
5
- # the security configuration.
6
-
7
- #
8
- # Add your own files here if they should also be loaded.
9
- #
10
- AnnotationSecurity.load_relations('relations')
11
- AnnotationSecurity.load_rights('rights')
1
+ #
2
+ # = config/initializers/annotation_security.rb
3
+ #
4
+ # Sets up files under <tt>config/security</tt> which hold
5
+ # the security configuration.
6
+
7
+ #
8
+ # Add your own files here if they should also be loaded.
9
+ #
10
+ AnnotationSecurity.load_relations('relations')
11
+ AnnotationSecurity.load_rights('rights')
12
12
  # AnnotationSecurity.load_rights('rights', 'rb) # loads rights from a ruby file
@@ -1,20 +1,20 @@
1
- AnnotationSecurity.define_relations do
2
-
3
- # All relations are defined in the context of a resource.
4
- # The block should return true iif the user has this relations.
5
-
6
- # all_resources do
7
- # administrator(:system, :is => :administrator)
8
- # owner_or_admin(:pretest){ owner or administrator }
9
- # owner(:system) { |user| user.status == :registered }
10
- # end
11
-
12
- # resource :album do
13
- # owner { |user, album| album.owner == user }
14
- # end
15
-
16
- # resource :picture do
17
- # owner "if owner: album"
18
- # end
19
-
20
- end
1
+ AnnotationSecurity.define_relations do
2
+
3
+ # All relations are defined in the context of a resource.
4
+ # The block should return true iif the user has this relations.
5
+
6
+ # all_resources do
7
+ # administrator(:system, :is => :administrator)
8
+ # owner_or_admin(:pretest){ owner or administrator }
9
+ # owner(:system) { |user| user.status == :registered }
10
+ # end
11
+
12
+ # resource :album do
13
+ # owner { |user, album| album.owner == user }
14
+ # end
15
+
16
+ # resource :picture do
17
+ # owner "if owner: album"
18
+ # end
19
+
20
+ end
@@ -1,14 +1,14 @@
1
- #
2
- # = init.rb
3
- #
4
- # This file will be copied to a rails apps `vendors/plugins/annotation_security`
5
- # directory if the annotation_security gem is installed into a rails app
6
- # via `annosec --rails`. It will be invoked by the rails app during startup an
7
- # loads the security layer.
8
- #
9
-
10
- require "annotation_security"
11
-
12
- # Initialize security layer for rails root
13
- puts "Initializing AnnotationSecurity security layer"
14
- AnnotationSecurity::init_rails(binding)
1
+ #
2
+ # = init.rb
3
+ #
4
+ # This file will be copied to a rails apps `vendors/plugins/annotation_security`
5
+ # directory if the annotation_security gem is installed into a rails app
6
+ # via `annosec --rails`. It will be invoked by the rails app during startup an
7
+ # loads the security layer.
8
+ #
9
+
10
+ require "annotation_security"
11
+
12
+ # Initialize security layer for rails root
13
+ config = eval("config", binding)
14
+ AnnotationSecurity::init_rails(config)
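Review bot: The new line 13 of init.rb, `config = eval("config", binding)`, uses `eval` where a plain local reference would presumably do. The string is a constant, so nothing untrusted is evaluated, but the line only works if `config` is already resolvable in the binding that evaluates init.rb, and in that case the two new lines collapse to `AnnotationSecurity::init_rails(config)`. Dropping the `eval` also keeps audits for dynamic evaluation in the security layer's bootstrap free of false hits. If the indirection is required by a loader that is not visible here, a comment such as `# config is provided by the Rails plugin loader's binding` should say so.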
@@ -1,8 +1,8 @@
1
- #!/usr/bin/env ruby
2
- # The command line to install .
3
-
4
- $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
5
-
6
- require "annotation_security/exec"
7
-
1
+ #!/usr/bin/env ruby
2
+ # The command line to install .
3
+
4
+ $LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
5
+
6
+ require "annotation_security/exec"
7
+
8
8
  AnnotationSecurity::Exec::RailsInstaller.new(ARGV).parse!
@@ -1,103 +1,94 @@
1
- #
2
- # = lib/annotation_security.rb
3
- #
4
- # This modul provides the AnnotationSecurity security layer.
5
- #
6
-
7
- # = AnnotationSecurity
8
- module AnnotationSecurity; end
9
-
10
- # Load annotation security files
11
- dir = File.dirname(__FILE__)
12
- require dir + '/annotation_security/manager/policy_manager'
13
- require dir + '/annotation_security/manager/policy_factory'
14
- require dir + '/annotation_security/manager/relation_loader'
15
- require dir + '/annotation_security/manager/right_loader'
16
- require dir + '/annotation_security/manager/resource_manager'
17
- require dir + '/annotation_security/policy/abstract_policy'
18
- require dir + '/annotation_security/policy/abstract_static_policy'
19
- require dir + '/annotation_security/policy/rule_set'
20
- require dir + '/annotation_security/policy/rule'
21
- require dir + '/annotation_security/includes/resource'
22
- require dir + '/annotation_security/includes/action_controller'
23
- require dir + '/annotation_security/includes/active_record'
24
- require dir + '/annotation_security/includes/role'
25
- require dir + '/annotation_security/includes/user'
26
- require dir + '/annotation_security/includes/helper'
27
- require dir + '/annotation_security/exceptions'
28
- require dir + '/annotation_security/filters'
29
- require dir + '/annotation_security/model_observer'
30
- require dir + '/annotation_security/user_wrapper'
31
- require dir + '/annotation_security/utils'
32
- require dir + '/annotation_security/version'
33
-
34
- require dir + '/security_context'
35
-
36
- module AnnotationSecurity
37
-
38
- # Load the file specified by +fname+.
39
- # The file will be reloaded automatically if reset is called.
40
- #
41
- # See AnnotationSecurity::RightLoader for details.
42
- #
43
- def self.load_rights(fname, ext = 'yml')
44
- # The file is expected to be a yaml file.
45
- # However, it is also possible to use a ruby file that uses
46
- # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
47
- PolicyManager.add_file(fname, ext)
48
- end
49
-
50
- # Load the file specified by +fname+.
51
- # The file will be reloaded automatically if reset is called.
52
- #
53
- # See AnnotationSecurity::RelationLoader for details.
54
- #
55
- def self.load_relations(fname)
56
- PolicyManager.add_file(fname, 'rb')
57
- end
58
-
59
- # Defines relations specified in +block+.
60
- #
61
- # See AnnotationSecurity::RelationLoader for details
62
- #
63
- def self.define_relations(*resources,&block)
64
- RelationLoader.define_relations(*resources,&block)
65
- end
66
-
67
- # Defines rights specified in +hash+.
68
- #
69
- # See AnnotationSecurity::RightLoader for details
70
- #
71
- def self.define_rights(hash)
72
- RightLoader.define_rights(hash)
73
- end
74
-
75
- # Reloads all files that were loaded with load_rights or load_relations.
76
- #
77
- # In development mode, reset is being executed before each request.
78
- #
79
- def self.reset
80
- PolicyManager.reset
81
- end
82
-
83
- # Initializes AnnotationSecurity for a Rails application and loads
84
- # Rails specific parts of the library.
85
- #
86
- # This method is called by `init.rb`,
87
- # which is run by Rails on startup.
88
- #
89
- # * +config+ [Rails::Configuration] the rails configuration.
90
- def self.init_rails(config)
91
- puts "Initializing AnnotationSecurity (#{AnnotationSecurity::Version}) security layer"
92
-
93
- # must load the extension files after we know rails is loaded
94
- # :o)
95
-
96
- dir = File.dirname(__FILE__)
97
-
98
- %w{annotation_security/rails extensions/object extensions/action_controller
99
- extensions/active_record extensions/filter }.each { |f| require "#{dir}/#{f}" }
100
-
101
- AnnotationSecurity::Rails.init!(config)
102
- end
103
- end
1
+ #
2
+ # = lib/annotation_security.rb
3
+ #
4
+ # This modul provides the AnnotationSecurity security layer.
5
+ #
6
+
7
+ # = AnnotationSecurity
8
+ module AnnotationSecurity; end
9
+
10
+ # Load annotation security files
11
+ dir = File.dirname(__FILE__)
12
+ require dir + '/annotation_security/manager/policy_manager'
13
+ require dir + '/annotation_security/manager/policy_factory'
14
+ require dir + '/annotation_security/manager/relation_loader'
15
+ require dir + '/annotation_security/manager/right_loader'
16
+ require dir + '/annotation_security/manager/resource_manager'
17
+ require dir + '/annotation_security/policy/abstract_policy'
18
+ require dir + '/annotation_security/policy/abstract_static_policy'
19
+ require dir + '/annotation_security/policy/rule_set'
20
+ require dir + '/annotation_security/policy/rule'
21
+ require dir + '/annotation_security/exceptions'
22
+ require dir + '/annotation_security/user_wrapper'
23
+ require dir + '/annotation_security/utils'
24
+ require dir + '/annotation_security/rails'
25
+ require dir + '/security_context'
26
+
27
+ require dir + '/annotation_security/includes/role'
28
+ require dir + '/annotation_security/includes/resource'
29
+ require dir + '/annotation_security/includes/user'
30
+ require dir + '/annotation_security/includes/helper'
31
+
32
+ module AnnotationSecurity
33
+
34
+ VERSION = '1.3.1'
35
+
36
+ # Load the file specified by +fname+.
37
+ # The file will be reloaded automatically if reset is called.
38
+ #
39
+ # See AnnotationSecurity::RightLoader for details.
40
+ #
41
+ def self.load_rights(fname, ext = 'yml')
42
+ # The file is expected to be a yaml file.
43
+ # However, it is also possible to use a ruby file that uses
44
+ # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
45
+ PolicyManager.add_file(fname, ext)
46
+ end
47
+
48
+ # Load the file specified by +fname+.
49
+ # The file will be reloaded automatically if reset is called.
50
+ #
51
+ # See AnnotationSecurity::RelationLoader for details.
52
+ #
53
+ def self.load_relations(fname)
54
+ PolicyManager.add_file(fname, 'rb')
55
+ end
56
+
57
+ # Defines relations specified in +block+.
58
+ #
59
+ # See AnnotationSecurity::RelationLoader for details
60
+ #
61
+ def self.define_relations(*resources,&block)
62
+ RelationLoader.define_relations(*resources,&block)
63
+ end
64
+
65
+ # Defines rights specified in +hash+.
66
+ #
67
+ # See AnnotationSecurity::RightLoader for details
68
+ #
69
+ def self.define_rights(hash)
70
+ RightLoader.define_rights(hash)
71
+ end
72
+
73
+ # Reloads all files that were loaded with load_rights or load_relations.
74
+ #
75
+ # In development mode, reset is being executed before each request.
76
+ #
77
+ def self.reset
78
+ PolicyManager.reset
79
+ end
80
+
81
+ # Initializes AnnotationSecurity for a Rails application and loads
82
+ # Rails specific parts of the library.
83
+ #
84
+ # This method is called by `init.rb`,
85
+ # which is run by Rails on startup.
86
+ #
87
+ # * +binding+ [Binding] The context of the `init.rb` file.
88
+ def self.init_rails(config)
89
+ dir = File.dirname(__FILE__)
90
+
91
+ require dir + '/annotation_security/rails/extensions'
92
+ AnnotationSecurity::Rails.init!(config)
93
+ end
94
+ end
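Review bot: The doc comment on `init_rails` (new lines 81–87) documents a `+binding+ [Binding]` argument, but the signature is `def self.init_rails(config)` and the value goes straight to `AnnotationSecurity::Rails.init!(config)`, so the comment describes a parameter that does not exist. It should read `# * +config+ [Rails::Configuration] the rails configuration.` to match the signature and the call in init.rb. Separately, the new body prints no startup message. For an authorization layer, one log line at init lets operators confirm the layer was loaded, unless `Rails.init!` already writes one (not visible here).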
@@ -1,125 +1,125 @@
1
- #
2
- # = lib/annotation_security/exceptions.rb
3
- #
4
- # Provides some Exceptions used within AnnotationSecurity
5
-
6
- module AnnotationSecurity
7
-
8
- # Superclass of all security related errors thrown by anno sec
9
- class SecurityError < StandardError # :nodoc:
10
- end
11
-
12
- end
13
-
14
- # Exception indicating that some rights were violated.
15
- #
16
- class SecurityViolationError < AnnotationSecurity::SecurityError
17
-
18
- def self.access_denied(user,*args) # :nodoc:
19
- new(user,*args)
20
- end
21
-
22
- def initialize(user=nil,*args) # :nodoc:
23
- if user == nil || args.empty?
24
- super "Access denied"
25
- else
26
- super load_args(user,args)
27
- end
28
- end
29
-
30
- def load_args(user,args) # :nodoc:
31
- @user = user
32
- @action,@resclass,@res = AnnotationSecurity::Utils.parse_policy_arguments(args)
33
- "You (#@user) are missing the right '#@action' for #@resclass" +
34
- (@res.blank? ? '' : " '#@res'")
35
- end
36
-
37
- # user that violated the right
38
- #
39
- def user
40
- @user
41
- end
42
-
43
- # the action that should have been performed on the resource object
44
- #
45
- def action
46
- @action
47
- end
48
-
49
- # the resource type
50
- #
51
- def resource_class
52
- @resclass
53
- end
54
-
55
- # the resource that was accessed
56
- #
57
- def resource
58
- @res
59
- end
60
- end
61
-
62
- module AnnotationSecurity
63
-
64
- # = AnnotationSecurity::RuleError
65
- #
66
- # Will be raised if a right or relation is defined twice
67
- # or has an invalid name.
68
- #
69
- class RuleError < SecurityError
70
- def self.defined_twice(type,rule) # :nodoc:
71
- new "The #{type} #{rule} is defined twice"
72
- end
73
-
74
- def self.forbidden_name(type,rule) # :nodoc:
75
- new "#{rule} is not allowed as #{type} name"
76
- end
77
- end
78
-
79
- # = AnnotationSecurity::RuleExecutionError
80
- #
81
- # Will be raised if an error occured while evaluation a right or relation.
82
- #
83
- class RuleExecutionError < RuleError
84
-
85
- def initialize(rule, proc=false, ex = nil) # :nodoc:
86
- if ex
87
- log_backtrace(proc,ex)
88
- super("An error occured while evaluating #{rule}: \n" +
89
- ex.class.name + ": " + ex.message)
90
- else
91
- super("An error occured while evaluating #{rule}")
92
- end
93
- end
94
-
95
- def set_backtrace(array) # :nodoc:
96
- super((@bt || []) + array[1..-1])
97
- end
98
-
99
- private
100
-
101
- # Select all lines of the backtrace above "rule.rb evaluate".
102
- # so they can be appended to the backtrace
103
- def log_backtrace(proc,ex)
104
- return unless proc
105
- backtrace = ex.backtrace
106
- stop = backtrace.find { |l| l =~ /rule\.rb(.*)`evaluate'/ }
107
- stop = backtrace.index(stop) || 5
108
- backtrace = backtrace.first(stop)
109
- @bt = backtrace.reject { |l| l =~ /annotation_security|active_support/ }
110
- end
111
-
112
- end
113
-
114
- # = AnnotationSecurity::RuleNotFoundError
115
- #
116
- # Will be raised when attempting to acces a right or relation that was not
117
- # defined.
118
- #
119
- class RuleNotFoundError < RuleError
120
- def self.for_rule(rname,policy_class)
121
- new("Unknown #{policy_class.static? ? 'static' : 'dynamic'} " +
122
- "rule '#{rname}' for #{policy_class.name}")
123
- end
124
- end
1
+ #
2
+ # = lib/annotation_security/exceptions.rb
3
+ #
4
+ # Provides some Exceptions used within AnnotationSecurity
5
+
6
+ module AnnotationSecurity
7
+
8
+ # Superclass of all security related errors thrown by anno sec
9
+ class SecurityError < StandardError # :nodoc:
10
+ end
11
+
12
+ end
13
+
14
+ # Exception indicating that some rights were violated.
15
+ #
16
+ class SecurityViolationError < AnnotationSecurity::SecurityError
17
+
18
+ def self.access_denied(user,*args) # :nodoc:
19
+ new(user,*args)
20
+ end
21
+
22
+ def initialize(user=nil,*args) # :nodoc:
23
+ if user == nil || args.empty?
24
+ super "Access denied"
25
+ else
26
+ super load_args(user,args)
27
+ end
28
+ end
29
+
30
+ def load_args(user,args) # :nodoc:
31
+ @user = user
32
+ @action,@resclass,@res = AnnotationSecurity::Utils.parse_policy_arguments(args)
33
+ "You (#@user) are missing the right '#@action' for #@resclass" +
34
+ (@res.blank? ? '' : " '#@res'")
35
+ end
36
+
37
+ # user that violated the right
38
+ #
39
+ def user
40
+ @user
41
+ end
42
+
43
+ # the action that should have been performed on the resource object
44
+ #
45
+ def action
46
+ @action
47
+ end
48
+
49
+ # the resource type
50
+ #
51
+ def resource_class
52
+ @resclass
53
+ end
54
+
55
+ # the resource that was accessed
56
+ #
57
+ def resource
58
+ @res
59
+ end
60
+ end
61
+
62
+ module AnnotationSecurity
63
+
64
+ # = AnnotationSecurity::RuleError
65
+ #
66
+ # Will be raised if a right or relation is defined twice
67
+ # or has an invalid name.
68
+ #
69
+ class RuleError < SecurityError
70
+ def self.defined_twice(type,rule) # :nodoc:
71
+ new "The #{type} #{rule} is defined twice"
72
+ end
73
+
74
+ def self.forbidden_name(type,rule) # :nodoc:
75
+ new "#{rule} is not allowed as #{type} name"
76
+ end
77
+ end
78
+
79
+ # = AnnotationSecurity::RuleExecutionError
80
+ #
81
+ # Will be raised if an error occured while evaluation a right or relation.
82
+ #
83
+ class RuleExecutionError < RuleError
84
+
85
+ def initialize(rule, proc=false, ex = nil) # :nodoc:
86
+ if ex
87
+ log_backtrace(proc,ex)
88
+ super("An error occured while evaluating #{rule}: \n" +
89
+ ex.class.name + ": " + ex.message)
90
+ else
91
+ super("An error occured while evaluating #{rule}")
92
+ end
93
+ end
94
+
95
+ def set_backtrace(array) # :nodoc:
96
+ super((@bt || []) + array[1..-1])
97
+ end
98
+
99
+ private
100
+
101
+ # Select all lines of the backtrace above "rule.rb evaluate".
102
+ # so they can be appended to the backtrace
103
+ def log_backtrace(proc,ex)
104
+ return unless proc
105
+ backtrace = ex.backtrace
106
+ stop = backtrace.find { |l| l =~ /rule\.rb(.*)`evaluate'/ }
107
+ stop = backtrace.index(stop) || 5
108
+ backtrace = backtrace.first(stop)
109
+ @bt = backtrace.reject { |l| l =~ /annotation_security|active_support/ }
110
+ end
111
+
112
+ end
113
+
114
+ # = AnnotationSecurity::RuleNotFoundError
115
+ #
116
+ # Will be raised when attempting to acces a right or relation that was not
117
+ # defined.
118
+ #
119
+ class RuleNotFoundError < RuleError
120
+ def self.for_rule(rname,policy_class)
121
+ new("Unknown #{policy_class.static? ? 'static' : 'dynamic'} " +
122
+ "rule '#{rname}' for #{policy_class.name}")
123
+ end
124
+ end
125
125
  end