annotation_security 1.0.2 → 1.3.1

data/assets/app/helpers/annotation_security_helper.rb

@@ -1,9 +1,9 @@
-#
-# = app/helpers/annotation_security_helper.rb
-#
-# This helper provides some useful view methods to be used in conjunction with
-# the plugin. See AnnotationSecurity::Helper for documentation.
-#
-module AnnotationSecurityHelper
-  include AnnotationSecurity::Helper
+#
+# = app/helpers/annotation_security_helper.rb
+#
+# This helper provides some useful view methods to be used in conjunction with
+# the plugin. See AnnotationSecurity::Helper for documentation.
+#
+module AnnotationSecurityHelper
+  include AnnotationSecurity::Helper
 end

data/assets/config/initializers/annotation_security.rb

@@ -1,12 +1,12 @@
-#
-# = config/initializers/annotation_security.rb
-#
-# Sets up files under <tt>config/security</tt> which hold
-# the security configuration.
-
-#
-# Add your own files here if they should also be loaded.
-#
-AnnotationSecurity.load_relations('relations')
-AnnotationSecurity.load_rights('rights')
+#
+# = config/initializers/annotation_security.rb
+#
+# Sets up files under <tt>config/security</tt> which hold
+# the security configuration.
+
+#
+# Add your own files here if they should also be loaded.
+#
+AnnotationSecurity.load_relations('relations')
+AnnotationSecurity.load_rights('rights')
 # AnnotationSecurity.load_rights('rights', 'rb) # loads rights from a ruby file

data/assets/config/security/relations.rb

@@ -1,20 +1,20 @@
-AnnotationSecurity.define_relations do
-
-  # All relations are defined in the context of a resource.
-  # The block should return true iif the user has this relations.
-
-#  all_resources do
-#    administrator(:system, :is => :administrator)
-#    owner_or_admin(:pretest){ owner or administrator }
-#    owner(:system) { |user| user.status == :registered }
-#  end
-
-#  resource :album do
-#    owner { |user, album| album.owner == user }
-#  end
-
-#  resource :picture do
-#    owner "if owner: album"
-#  end
-
-end
+AnnotationSecurity.define_relations do
+
+  # All relations are defined in the context of a resource.
+  # The block should return true iif the user has this relations.
+
+#  all_resources do
+#    administrator(:system, :is => :administrator)
+#    owner_or_admin(:pretest){ owner or administrator }
+#    owner(:system) { |user| user.status == :registered }
+#  end
+
+#  resource :album do
+#    owner { |user, album| album.owner == user }
+#  end
+
+#  resource :picture do
+#    owner "if owner: album"
+#  end
+
+end

data/assets/vendor/plugins/annotation_security/init.rb

@@ -1,14 +1,14 @@
-#
-# = init.rb
-#
-# This file will be copied to a rails apps `vendors/plugins/annotation_security`
-# directory if the annotation_security gem is installed into a rails app
-# via `annosec --rails`. It will be invoked by the rails app during startup an
-# loads the security layer.
-#
-
-require "annotation_security"
-
-# Initialize security layer for rails root
-puts "Initializing AnnotationSecurity security layer"
-AnnotationSecurity::init_rails(binding)
+#
+# = init.rb
+#
+# This file will be copied to a rails apps `vendors/plugins/annotation_security`
+# directory if the annotation_security gem is installed into a rails app
+# via `annosec --rails`. It will be invoked by the rails app during startup an
+# loads the security layer.
+#
+
+require "annotation_security"
+
+# Initialize security layer for rails root
+config = eval("config", binding)
+AnnotationSecurity::init_rails(config)

data/bin/annotation_security

@@ -1,8 +1,8 @@
-#!/usr/bin/env ruby
-# The command line to install .
-
-$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
-
-require "annotation_security/exec"
-
+#!/usr/bin/env ruby
+# The command line to install .
+
+$LOAD_PATH.unshift File.dirname(__FILE__) + '/../lib'
+
+require "annotation_security/exec"
+
 AnnotationSecurity::Exec::RailsInstaller.new(ARGV).parse!

data/lib/annotation_security.rb

@@ -1,103 +1,94 @@
-#
-# = lib/annotation_security.rb
-#
-# This modul provides the AnnotationSecurity security layer. 
-#
-
-# = AnnotationSecurity
-module AnnotationSecurity; end
-
-# Load annotation security files
-dir = File.dirname(__FILE__)
-require dir + '/annotation_security/manager/policy_manager'
-require dir + '/annotation_security/manager/policy_factory'
-require dir + '/annotation_security/manager/relation_loader'
-require dir + '/annotation_security/manager/right_loader'
-require dir + '/annotation_security/manager/resource_manager'
-require dir + '/annotation_security/policy/abstract_policy'
-require dir + '/annotation_security/policy/abstract_static_policy'
-require dir + '/annotation_security/policy/rule_set'
-require dir + '/annotation_security/policy/rule'
-require dir + '/annotation_security/includes/resource'
-require dir + '/annotation_security/includes/action_controller'
-require dir + '/annotation_security/includes/active_record'
-require dir + '/annotation_security/includes/role'
-require dir + '/annotation_security/includes/user'
-require dir + '/annotation_security/includes/helper'
-require dir + '/annotation_security/exceptions'
-require dir + '/annotation_security/filters'
-require dir + '/annotation_security/model_observer'
-require dir + '/annotation_security/user_wrapper'
-require dir + '/annotation_security/utils'
-require dir + '/annotation_security/version'
-
-require dir + '/security_context'
-
-module AnnotationSecurity
-  
-  # Load the file specified by +fname+.
-  # The file will be reloaded automatically if reset is called.
-  #
-  # See AnnotationSecurity::RightLoader for details.
-  #
-  def self.load_rights(fname, ext = 'yml')
-    # The file is expected to be a yaml file.
-    # However, it is also possible to use a ruby file that uses
-    # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
-    PolicyManager.add_file(fname, ext)
-  end
-
-  # Load the file specified by +fname+.
-  # The file will be reloaded automatically if reset is called.
-  #
-  # See AnnotationSecurity::RelationLoader for details.
-  #
-  def self.load_relations(fname)
-    PolicyManager.add_file(fname, 'rb')
-  end
-
-  # Defines relations specified in +block+.
-  #
-  # See AnnotationSecurity::RelationLoader for details
-  #
-  def self.define_relations(*resources,&block)
-    RelationLoader.define_relations(*resources,&block)
-  end
-
-  # Defines rights specified in +hash+.
-  #
-  # See AnnotationSecurity::RightLoader for details
-  #
-  def self.define_rights(hash)
-    RightLoader.define_rights(hash)
-  end
-
-  # Reloads all files that were loaded with load_rights or load_relations.
-  #
-  # In development mode, reset is being executed before each request.
-  #
-  def self.reset
-    PolicyManager.reset
-  end
-
-  # Initializes AnnotationSecurity for a Rails application and loads
-  # Rails specific parts of the library.
-  #
-  # This method is called by `init.rb`,
-  # which is run by Rails on startup.
-  #
-  # * +config+ [Rails::Configuration] the rails configuration.
-  def self.init_rails(config)
-    puts "Initializing AnnotationSecurity (#{AnnotationSecurity::Version}) security layer"
-
-    # must load the extension files after we know rails is loaded
-    # :o)
-    
-    dir = File.dirname(__FILE__)
-    
-    %w{annotation_security/rails extensions/object extensions/action_controller
-       extensions/active_record extensions/filter }.each { |f| require "#{dir}/#{f}" }
-    
-    AnnotationSecurity::Rails.init!(config)
-  end
-end
+#
+# = lib/annotation_security.rb
+#
+# This modul provides the AnnotationSecurity security layer. 
+#
+
+# = AnnotationSecurity
+module AnnotationSecurity; end
+
+# Load annotation security files
+dir = File.dirname(__FILE__)
+require dir + '/annotation_security/manager/policy_manager'
+require dir + '/annotation_security/manager/policy_factory'
+require dir + '/annotation_security/manager/relation_loader'
+require dir + '/annotation_security/manager/right_loader'
+require dir + '/annotation_security/manager/resource_manager'
+require dir + '/annotation_security/policy/abstract_policy'
+require dir + '/annotation_security/policy/abstract_static_policy'
+require dir + '/annotation_security/policy/rule_set'
+require dir + '/annotation_security/policy/rule'
+require dir + '/annotation_security/exceptions'
+require dir + '/annotation_security/user_wrapper'
+require dir + '/annotation_security/utils'
+require dir + '/annotation_security/rails'
+require dir + '/security_context'
+
+require dir + '/annotation_security/includes/role'
+require dir + '/annotation_security/includes/resource'
+require dir + '/annotation_security/includes/user'
+require dir + '/annotation_security/includes/helper'
+
+module AnnotationSecurity
+
+  VERSION = '1.3.1'
+  
+  # Load the file specified by +fname+.
+  # The file will be reloaded automatically if reset is called.
+  #
+  # See AnnotationSecurity::RightLoader for details.
+  #
+  def self.load_rights(fname, ext = 'yml')
+    # The file is expected to be a yaml file.
+    # However, it is also possible to use a ruby file that uses
+    # AnnotationSecurity.define_rights. In this case, ext should be 'rb'.
+    PolicyManager.add_file(fname, ext)
+  end
+
+  # Load the file specified by +fname+.
+  # The file will be reloaded automatically if reset is called.
+  #
+  # See AnnotationSecurity::RelationLoader for details.
+  #
+  def self.load_relations(fname)
+    PolicyManager.add_file(fname, 'rb')
+  end
+
+  # Defines relations specified in +block+.
+  #
+  # See AnnotationSecurity::RelationLoader for details
+  #
+  def self.define_relations(*resources,&block)
+    RelationLoader.define_relations(*resources,&block)
+  end
+
+  # Defines rights specified in +hash+.
+  #
+  # See AnnotationSecurity::RightLoader for details
+  #
+  def self.define_rights(hash)
+    RightLoader.define_rights(hash)
+  end
+
+  # Reloads all files that were loaded with load_rights or load_relations.
+  #
+  # In development mode, reset is being executed before each request.
+  #
+  def self.reset
+    PolicyManager.reset
+  end
+
+  # Initializes AnnotationSecurity for a Rails application and loads
+  # Rails specific parts of the library.
+  #
+  # This method is called by `init.rb`,
+  # which is run by Rails on startup.
+  #
+  # * +binding+ [Binding] The context of the `init.rb` file.
+  def self.init_rails(config)
+    dir = File.dirname(__FILE__)
+
+    require dir + '/annotation_security/rails/extensions'
+    AnnotationSecurity::Rails.init!(config)
+  end
+end

data/lib/annotation_security/exceptions.rb

@@ -1,125 +1,125 @@
-#
-# = lib/annotation_security/exceptions.rb
-#
-# Provides some Exceptions used within AnnotationSecurity
-
-module AnnotationSecurity
-
-  # Superclass of all security related errors thrown by anno sec
-  class SecurityError < StandardError # :nodoc:
-  end
-
-end
-
-# Exception indicating that some rights were violated.
-#
-class SecurityViolationError < AnnotationSecurity::SecurityError
-
-  def self.access_denied(user,*args) # :nodoc:
-    new(user,*args)
-  end
-
-  def initialize(user=nil,*args) # :nodoc:
-    if user == nil || args.empty?
-      super "Access denied"
-    else
-      super load_args(user,args)
-    end
-  end
-
-  def load_args(user,args) # :nodoc:
-    @user = user
-    @action,@resclass,@res = AnnotationSecurity::Utils.parse_policy_arguments(args)
-    "You (#@user) are missing the right '#@action' for #@resclass" +
-        (@res.blank? ? '' : " '#@res'")
-  end
-
-  # user that violated the right
-  #
-  def user
-    @user
-  end
-
-  # the action that should have been performed on the resource object
-  #
-  def action
-    @action
-  end
-
-  # the resource type
-  #
-  def resource_class
-    @resclass
-  end
-
-  # the resource that was accessed
-  #
-  def resource
-    @res
-  end
-end
-
-module AnnotationSecurity
-
-  # = AnnotationSecurity::RuleError
-  #
-  # Will be raised if a right or relation is defined twice
-  # or has an invalid name.
-  #
-  class RuleError < SecurityError
-    def self.defined_twice(type,rule) # :nodoc:
-      new "The #{type} #{rule} is defined twice"
-    end
-
-    def self.forbidden_name(type,rule) # :nodoc:
-      new "#{rule} is not allowed as #{type} name"
-    end
-  end
-
-  # = AnnotationSecurity::RuleExecutionError
-  #
-  # Will be raised if an error occured while evaluation a right or relation.
-  #
-  class RuleExecutionError < RuleError
-
-    def initialize(rule, proc=false, ex = nil) # :nodoc:
-      if ex
-        log_backtrace(proc,ex)
-        super("An error occured while evaluating #{rule}: \n" +
-              ex.class.name + ": " + ex.message)
-      else
-        super("An error occured while evaluating #{rule}")
-      end
-    end
-
-    def set_backtrace(array) # :nodoc:
-      super((@bt || []) + array[1..-1])
-    end
-
-    private
-
-    # Select all lines of the backtrace above "rule.rb evaluate".
-    # so they can be appended to the backtrace
-    def log_backtrace(proc,ex)
-      return unless proc
-      backtrace = ex.backtrace
-      stop = backtrace.find { |l| l =~ /rule\.rb(.*)`evaluate'/ }
-      stop = backtrace.index(stop) || 5
-      backtrace = backtrace.first(stop)
-      @bt = backtrace.reject { |l| l =~ /annotation_security|active_support/ }
-    end
-
-  end
-
-  # = AnnotationSecurity::RuleNotFoundError
-  #
-  # Will be raised when attempting to acces a right or relation that was not
-  # defined.
-  #
-  class RuleNotFoundError < RuleError
-    def self.for_rule(rname,policy_class)
-      new("Unknown #{policy_class.static? ? 'static' : 'dynamic'} " +
-          "rule '#{rname}' for #{policy_class.name}")
-    end
-  end
+#
+# = lib/annotation_security/exceptions.rb
+#
+# Provides some Exceptions used within AnnotationSecurity
+
+module AnnotationSecurity
+
+  # Superclass of all security related errors thrown by anno sec
+  class SecurityError < StandardError # :nodoc:
+  end
+
+end
+
+# Exception indicating that some rights were violated.
+#
+class SecurityViolationError < AnnotationSecurity::SecurityError
+
+  def self.access_denied(user,*args) # :nodoc:
+    new(user,*args)
+  end
+
+  def initialize(user=nil,*args) # :nodoc:
+    if user == nil || args.empty?
+      super "Access denied"
+    else
+      super load_args(user,args)
+    end
+  end
+
+  def load_args(user,args) # :nodoc:
+    @user = user
+    @action,@resclass,@res = AnnotationSecurity::Utils.parse_policy_arguments(args)
+    "You (#@user) are missing the right '#@action' for #@resclass" +
+        (@res.blank? ? '' : " '#@res'")
+  end
+
+  # user that violated the right
+  #
+  def user
+    @user
+  end
+
+  # the action that should have been performed on the resource object
+  #
+  def action
+    @action
+  end
+
+  # the resource type
+  #
+  def resource_class
+    @resclass
+  end
+
+  # the resource that was accessed
+  #
+  def resource
+    @res
+  end
+end
+
+module AnnotationSecurity
+
+  # = AnnotationSecurity::RuleError
+  #
+  # Will be raised if a right or relation is defined twice
+  # or has an invalid name.
+  #
+  class RuleError < SecurityError
+    def self.defined_twice(type,rule) # :nodoc:
+      new "The #{type} #{rule} is defined twice"
+    end
+
+    def self.forbidden_name(type,rule) # :nodoc:
+      new "#{rule} is not allowed as #{type} name"
+    end
+  end
+
+  # = AnnotationSecurity::RuleExecutionError
+  #
+  # Will be raised if an error occured while evaluation a right or relation.
+  #
+  class RuleExecutionError < RuleError
+
+    def initialize(rule, proc=false, ex = nil) # :nodoc:
+      if ex
+        log_backtrace(proc,ex)
+        super("An error occured while evaluating #{rule}: \n" +
+              ex.class.name + ": " + ex.message)
+      else
+        super("An error occured while evaluating #{rule}")
+      end
+    end
+
+    def set_backtrace(array) # :nodoc:
+      super((@bt || []) + array[1..-1])
+    end
+
+    private
+
+    # Select all lines of the backtrace above "rule.rb evaluate".
+    # so they can be appended to the backtrace
+    def log_backtrace(proc,ex)
+      return unless proc
+      backtrace = ex.backtrace
+      stop = backtrace.find { |l| l =~ /rule\.rb(.*)`evaluate'/ }
+      stop = backtrace.index(stop) || 5
+      backtrace = backtrace.first(stop)
+      @bt = backtrace.reject { |l| l =~ /annotation_security|active_support/ }
+    end
+
+  end
+
+  # = AnnotationSecurity::RuleNotFoundError
+  #
+  # Will be raised when attempting to acces a right or relation that was not
+  # defined.
+  #
+  class RuleNotFoundError < RuleError
+    def self.for_rule(rname,policy_class)
+      new("Unknown #{policy_class.static? ? 'static' : 'dynamic'} " +
+          "rule '#{rname}' for #{policy_class.name}")
+    end
+  end
 end