annotation_security 1.0.2 → 1.3.1

Files changed (70) hide show
  1. data/CHANGELOG +22 -0
  2. data/HOW-TO +261 -0
  3. data/{LICENSE → MIT-LICENSE} +1 -1
  4. data/README +39 -0
  5. data/Rakefile +53 -62
  6. data/assets/app/helpers/annotation_security_helper.rb +8 -8
  7. data/assets/config/initializers/annotation_security.rb +11 -11
  8. data/assets/config/security/relations.rb +20 -20
  9. data/assets/vendor/plugins/annotation_security/init.rb +14 -14
  10. data/bin/annotation_security +7 -7
  11. data/lib/annotation_security.rb +94 -103
  12. data/lib/annotation_security/exceptions.rb +124 -124
  13. data/lib/annotation_security/exec.rb +188 -188
  14. data/lib/annotation_security/includes/helper.rb +215 -215
  15. data/lib/annotation_security/includes/resource.rb +84 -84
  16. data/lib/annotation_security/includes/role.rb +30 -30
  17. data/lib/annotation_security/includes/user.rb +26 -26
  18. data/lib/annotation_security/manager/policy_factory.rb +29 -29
  19. data/lib/annotation_security/manager/policy_manager.rb +87 -79
  20. data/lib/annotation_security/manager/relation_loader.rb +272 -272
  21. data/lib/annotation_security/manager/resource_manager.rb +36 -36
  22. data/lib/annotation_security/manager/right_loader.rb +87 -87
  23. data/lib/annotation_security/policy/abstract_policy.rb +344 -344
  24. data/lib/annotation_security/policy/abstract_static_policy.rb +75 -75
  25. data/lib/annotation_security/policy/all_resources_policy.rb +20 -20
  26. data/lib/annotation_security/policy/rule.rb +340 -340
  27. data/lib/annotation_security/policy/rule_set.rb +138 -138
  28. data/lib/annotation_security/rails.rb +22 -39
  29. data/lib/{extensions → annotation_security/rails/2/extensions}/filter.rb +131 -133
  30. data/lib/annotation_security/rails/2/includes/action_controller.rb +144 -0
  31. data/lib/annotation_security/rails/2/includes/active_record.rb +28 -0
  32. data/lib/annotation_security/rails/2/initializer.rb +35 -0
  33. data/lib/annotation_security/{model_observer.rb → rails/2/model_observer.rb} +61 -61
  34. data/lib/annotation_security/rails/3/extensions/filter.rb +28 -0
  35. data/lib/annotation_security/{includes → rails/3/includes}/action_controller.rb +143 -144
  36. data/lib/annotation_security/{includes → rails/3/includes}/active_record.rb +27 -27
  37. data/lib/annotation_security/rails/3/initializer.rb +40 -0
  38. data/lib/annotation_security/rails/3/model_observer.rb +61 -0
  39. data/lib/annotation_security/rails/extensions.rb +21 -0
  40. data/lib/{extensions → annotation_security/rails/extensions}/action_controller.rb +31 -32
  41. data/lib/{extensions → annotation_security/rails/extensions}/active_record.rb +33 -34
  42. data/lib/{extensions → annotation_security/rails/extensions}/object.rb +10 -10
  43. data/lib/annotation_security/{filters.rb → rails/filters.rb} +37 -37
  44. data/lib/annotation_security/user_wrapper.rb +73 -73
  45. data/lib/annotation_security/utils.rb +141 -141
  46. data/lib/security_context.rb +588 -589
  47. data/spec/annotation_security/exceptions_spec.rb +16 -16
  48. data/spec/annotation_security/includes/helper_spec.rb +82 -82
  49. data/spec/annotation_security/manager/policy_manager_spec.rb +15 -15
  50. data/spec/annotation_security/manager/resource_manager_spec.rb +17 -17
  51. data/spec/annotation_security/manager/right_loader_spec.rb +17 -17
  52. data/spec/annotation_security/policy/abstract_policy_spec.rb +16 -16
  53. data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -24
  54. data/spec/annotation_security/policy/rule_set_spec.rb +112 -112
  55. data/spec/annotation_security/policy/rule_spec.rb +77 -77
  56. data/spec/annotation_security/policy/test_policy_spec.rb +80 -80
  57. data/spec/annotation_security/security_context_spec.rb +129 -78
  58. data/spec/annotation_security/utils_spec.rb +73 -73
  59. data/spec/helper/test_controller.rb +65 -65
  60. data/spec/helper/test_helper.rb +5 -5
  61. data/spec/helper/test_relations.rb +6 -6
  62. data/spec/helper/test_resource.rb +38 -38
  63. data/spec/helper/test_role.rb +21 -21
  64. data/spec/helper/test_user.rb +31 -31
  65. data/spec/rails_stub.rb +44 -37
  66. metadata +110 -96
  67. data/CHANGELOG.md +0 -14
  68. data/HOW-TO.md +0 -275
  69. data/README.md +0 -39
  70. data/lib/annotation_security/version.rb +0 -10
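--- a/data/lib/annotation_security/policy/rule_set.rb
+++ b/data/lib/annotation_security/policy/rule_set.rb
@@ -1,139 +1,139 @@
- #
- # = lib/annotation_security/policy/rule_set.rb
- #
-
- # = AnnotationSecurity::RuleSet
- # Contains all rule objects for a policy
- #
- class AnnotationSecurity::RuleSet # :nodoc:
-
- # Initializes the rule set
- # * +pclass+ Policy class this rule set belongs to
- #
- def initialize(pclass)
- super()
- @pclass = pclass
- @rights = {}
- @static = {}
- @dynamic = {}
- end
-
- def to_s
- "<RuleSet of #@pclass>"
- end
-
- # Returns a rule object or nil if the rule does not exist.
- # * +symbol+ name of the rule
- # * +static+ boolean specifing whether the rule is static or dynamic
- def get_rule(symbol,static)
- static ? get_static_rule(symbol) : get_dynamic_rule(symbol)
- end
-
- # Returns a dynamic rule or nil if the rule does not exist.
- # * +symbol+ name of the rule
- def get_dynamic_rule(symbol)
- # If no rule is available, maybe there is a right that can be used
- @dynamic[symbol] ||= get_dynamic_right(symbol)
- end
-
- # Returns a static rule or nil if the rule does not exist.
- # * +symbol+ name of the rule
- def get_static_rule(symbol)
- # If no rule is available, maybe there is a right that can be used
- @static[symbol] ||= get_static_right(symbol)
- end
-
- # Copies a rule from another rule set.
- # Returns the newly created rule or nil if the operation had no effect.
- # * +symbol+ name of the rule
- # * +source+ rule set to copy from
- # * +static+ boolean specifing whether the rule is static or dynamic
- def copy_rule_from(symbol,source,static)
- add_copy(source.get_rule(symbol,static))
- end
-
- # Creates a dynamic rule that redirects to a static rule with the same name.
- # Returns the newly created rule or nil if the operation had no effect.
- # * +symbol+ name of the rule
- def create_dynamic_copy(symbol)
- rule = get_static_rule(symbol)
- if rule
- add_rule(symbol,
- "static_policy.#{symbol}(*args)",
- :resource,
- :require_credential => rule.requires_credential?)
- end
- end
-
- # Adds a new rule to this rule set. The rule will be classified either
- # as dynamic, static, both or right.
- # Returns the newly create rule.
- # For an explainition of the parameters see AnnotationSecurity::Rule#initialize.
- def add_rule(symbol,*args,&block)
- __add__ AnnotationSecurity::Rule.new(symbol,@pclass,*args,&block)
- end
-
- private
-
- # Copies a rule object to this rule set.
- # Returns the newly created rule or nil.
- # * +rule+ rule object to copy or nil.
- def add_copy(rule)
- __add__(rule.copy(@pclass)) if rule
- end
-
- # Adds a new rule to this rule set. The rule will be classified either
- # as dynamic, static, both or right.
- # * +rule+ rule object
- def __add__(rule)
- if rule.right?
- # if the rule is a right, its not clear yet whether
- # it is static or dynamic. These rules will be analyzed later.
- raise_if_forbidden_name 'right', rule
- raise_if_exists 'right', @rights[rule.name]
- @rights[rule.name] = rule
- else
- raise_if_forbidden_name 'relation', rule
- if rule.dynamic?
- raise_if_exists 'dynamic relation', @dynamic[rule.name]
- @dynamic[rule.name] = rule
- end
- if rule.static?
- raise_if_exists 'static relation', @static[rule.name]
- @static[rule.name] = rule
- end
- end
- rule
- end
-
- # Raises an error if +rule+ is not nil.
- # * +type+ type of rule, like 'right' or 'dynamic relation'
- # * +rule+ existing rule object or nil
- def raise_if_exists(type,rule)
- raise AnnotationSecurity::RuleError.defined_twice(type,rule) if rule
- end
-
- # Raises an error if +rule+ has a forbidden name.
- # * +type+ type of rule, like 'right' or 'relation'
- # * +rule+ rule object
- def raise_if_forbidden_name(type,rule)
- if AnnotationSecurity::AbstractPolicy.forbidden_rule_names.include? rule.name.to_s
- raise AnnotationSecurity::RuleError.forbidden_name(type,rule)
- end
- end
-
- # Returns a dynamic rule that was defined as right
- # * +symbol+ name of the rule
- def get_dynamic_right(symbol)
- r = @rights[symbol]
- r and r.dynamic? ? r : nil
- end
-
- # Returns a static rule that was defined as right
- # * +symbol+ name of the rule
- def get_static_right(symbol)
- r = @rights[symbol]
- r and r.static? ? r : nil
- end
-
+ #
+ # = lib/annotation_security/policy/rule_set.rb
+ #
+
+ # = AnnotationSecurity::RuleSet
+ # Contains all rule objects for a policy
+ #
+ class AnnotationSecurity::RuleSet # :nodoc:
+
+ # Initializes the rule set
+ # * +pclass+ Policy class this rule set belongs to
+ #
+ def initialize(pclass)
+ super()
+ @pclass = pclass
+ @rights = {}
+ @static = {}
+ @dynamic = {}
+ end
+
+ def to_s
+ "<RuleSet of #@pclass>"
+ end
+
+ # Returns a rule object or nil if the rule does not exist.
+ # * +symbol+ name of the rule
+ # * +static+ boolean specifing whether the rule is static or dynamic
+ def get_rule(symbol,static)
+ static ? get_static_rule(symbol) : get_dynamic_rule(symbol)
+ end
+
+ # Returns a dynamic rule or nil if the rule does not exist.
+ # * +symbol+ name of the rule
+ def get_dynamic_rule(symbol)
+ # If no rule is available, maybe there is a right that can be used
+ @dynamic[symbol] ||= get_dynamic_right(symbol)
+ end
+
+ # Returns a static rule or nil if the rule does not exist.
+ # * +symbol+ name of the rule
+ def get_static_rule(symbol)
+ # If no rule is available, maybe there is a right that can be used
+ @static[symbol] ||= get_static_right(symbol)
+ end
+
+ # Copies a rule from another rule set.
+ # Returns the newly created rule or nil if the operation had no effect.
+ # * +symbol+ name of the rule
+ # * +source+ rule set to copy from
+ # * +static+ boolean specifing whether the rule is static or dynamic
+ def copy_rule_from(symbol,source,static)
+ add_copy(source.get_rule(symbol,static))
+ end
+
+ # Creates a dynamic rule that redirects to a static rule with the same name.
+ # Returns the newly created rule or nil if the operation had no effect.
+ # * +symbol+ name of the rule
+ def create_dynamic_copy(symbol)
+ rule = get_static_rule(symbol)
+ if rule
+ add_rule(symbol,
+ "static_policy.#{symbol}(*args)",
+ :resource,
+ :require_credential => rule.requires_credential?)
+ end
+ end
+
+ # Adds a new rule to this rule set. The rule will be classified either
+ # as dynamic, static, both or right.
+ # Returns the newly create rule.
+ # For an explainition of the parameters see AnnotationSecurity::Rule#initialize.
+ def add_rule(symbol,*args,&block)
+ __add__ AnnotationSecurity::Rule.new(symbol,@pclass,*args,&block)
+ end
+
+ private
+
+ # Copies a rule object to this rule set.
+ # Returns the newly created rule or nil.
+ # * +rule+ rule object to copy or nil.
+ def add_copy(rule)
+ __add__(rule.copy(@pclass)) if rule
+ end
+
+ # Adds a new rule to this rule set. The rule will be classified either
+ # as dynamic, static, both or right.
+ # * +rule+ rule object
+ def __add__(rule)
+ if rule.right?
+ # if the rule is a right, its not clear yet whether
+ # it is static or dynamic. These rules will be analyzed later.
+ raise_if_forbidden_name 'right', rule
+ raise_if_exists 'right', @rights[rule.name]
+ @rights[rule.name] = rule
+ else
+ raise_if_forbidden_name 'relation', rule
+ if rule.dynamic?
+ raise_if_exists 'dynamic relation', @dynamic[rule.name]
+ @dynamic[rule.name] = rule
+ end
+ if rule.static?
+ raise_if_exists 'static relation', @static[rule.name]
+ @static[rule.name] = rule
+ end
+ end
+ rule
+ end
+
+ # Raises an error if +rule+ is not nil.
+ # * +type+ type of rule, like 'right' or 'dynamic relation'
+ # * +rule+ existing rule object or nil
+ def raise_if_exists(type,rule)
+ raise AnnotationSecurity::RuleError.defined_twice(type,rule) if rule
+ end
+
+ # Raises an error if +rule+ has a forbidden name.
+ # * +type+ type of rule, like 'right' or 'relation'
+ # * +rule+ rule object
+ def raise_if_forbidden_name(type,rule)
+ if AnnotationSecurity::AbstractPolicy.forbidden_rule_names.include? rule.name.to_s
+ raise AnnotationSecurity::RuleError.forbidden_name(type,rule)
+ end
+ end
+
+ # Returns a dynamic rule that was defined as right
+ # * +symbol+ name of the rule
+ def get_dynamic_right(symbol)
+ r = @rights[symbol]
+ r and r.dynamic? ? r : nil
+ end
+
+ # Returns a static rule that was defined as right
+ # * +symbol+ name of the rule
+ def get_static_right(symbol)
+ r = @rights[symbol]
+ r and r.static? ? r : nil
+ end
+
  end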
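--- a/data/lib/annotation_security/rails.rb
+++ b/data/lib/annotation_security/rails.rb
@@ -1,39 +1,22 @@
- #
- # = annotation_security/rails/init.rb
- #
- # Loads the annotation security layer for a rails app
-
- require "action_controller/dispatcher"
- require "action_controller/base"
-
- module AnnotationSecurity
-
- # Contains rails specific initializer
- class Rails
- def self.init!(config)
-
- # Policy files are situated under RAILS_ROOT/config/security
- # Default policy file is internal, load it
- ::AnnotationSecurity.load_relations(File.dirname(__FILE__) + '/policy/all_resources_policy')
-
- # Add AnnotationSecurity::ModelObserver to observe changes in models.
- # See http://riotprojects.com/2009/1/18/active-record-observers-in-gems-plugins
- #
- config.after_initialize do
- # Set up a dummy security context that does not interfer with script
- ::SecurityContext.initialize nil
-
- ::ActiveRecord::Base.observers << ::AnnotationSecurity::ModelObserver
-
- # In development mode, the models we observe get reloaded with each request. Using
- # this hook allows us to reload the observer relationships each time as well.
- ::ActionController::Dispatcher.to_prepare(:cache_advance_reload) do
- ::AnnotationSecurity.reset
- ::AnnotationSecurity::ModelObserver.instance.reload_model_observer
- end
- end
-
- puts "Security layer initialized"
- end
- end
- end
+ #
+ # = lib/annotation_security/rails.rb
+ #
+ # This modul provides the rails extensions contained in the
+ # AnnotationSecurity security layer.
+ #
+
+ #
+ # Contains rails specific extensions
+ #
+ module AnnotationSecurity::Rails; end
+
+ # Load annotation security files
+ rails_version = Rails::VERSION::MAJOR
+ dir = File.dirname(__FILE__)
+
+ require dir + "/rails/#{rails_version}/includes/action_controller"
+ require dir + "/rails/#{rails_version}/includes/active_record"
+
+ require dir + "/rails/#{rails_version}/model_observer"
+ require dir + "/rails/#{rails_version}/initializer"
+ require dir + "/rails/filters"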
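Review bot: The `require` paths are built from `Rails::VERSION::MAJOR` with no check that the value is one the gem ships code for; the file list on this page shows only `rails/2` and `rails/3` directories, so any other major version would end in a bare LoadError for a path the reader has to decode. Failing at load time is the safe outcome for an authorization layer, but the reason should be explicit: add `raise LoadError, "AnnotationSecurity supports Rails 2 and 3, found Rails #{rails_version}" unless [2, 3].include?(rails_version)` before the first `require`. The header comment also has a typo (`modul`), and it no longer says where the initialization that `init!` used to perform now lives; a one-line pointer to the per-version `initializer` file would help.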
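--- a/data/lib/extensions/filter.rb
+++ b/data/lib/annotation_security/rails/2/extensions/filter.rb
@@ -1,134 +1,132 @@
- #
- # = lib/extensions/filter.rb
- #
- # Adds security filters to the Rails filter mechanism.
- #
- # Modifies ActionController::Filter::FilterChain. Might not work with other
- # gems modifying this class.
- #
-
- # Extends ActiveRecord::Base and patches ActionController::Filters
- #
- # Performs additions to the rails filter chain. It basically adds two
- # filters which may not be removed:
- #
- # 1) Before Fiter to initialize SecurityContext
- # 2) Around Filter around actions
- #
- # The altered filter chain looks like this:
- #
- # * AnnotationSecurity::Filters::InitializeSecurity
- # * ... other before filters
- # * around filters ...
- # * AnnotationSecurity::Filters::ApplySecurity
- # * after filters
- #
- module ActionController # :nodoc:
- module Filters # :nodoc:
- class FilterChain # :nodoc:
- def self.new(&block)
- super.tap do |filter_chain|
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::InitializeSecurity], :security, &block)
- filter_chain.append_filter_to_chain([AnnotationSecurity::Filters::ApplySecurity], :action_security, &block)
- end
- end
-
- private
-
- def find_filter_append_position(filters, filter_type)
- # appending an after filter puts it at the end of the call chain
- # before and around filters go after security filters and
- # before the first after or action_security filter
- #
- return -1 if filter_type == :after
-
- if filter_type == :security
- #security filters are first filters in chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- else
- each_with_index do |f,i|
- return i if f.after? or f.action_security?
- end
- end
- return -1
- end
-
- def find_filter_prepend_position(filters, filter_type)
- if filter_type == :after
- # after filters go before the first after filter in the chain
- each_with_index do |f,i|
- return i if f.after?
- end
- return -1
- elsif filter_type == :security
- return 0
- else
- # prepending a before or around filter puts it at the front of the call chain
- each_with_index do |f,i|
- return i unless f.security?
- end
- end
- return 0 # Since first filter is security initialization filter
- end
-
- def find_or_create_filter(filter, filter_type, options = {})
- update_filter_in_chain([filter], options)
-
- if found_filter = find(filter) { |f| f.type == filter_type }
- found_filter
- else
- filter_kind = case
- when filter.respond_to?(:before) && filter_type == :before
- :before
- when filter.respond_to?(:after) && filter_type == :after
- :after
- else
- :filter
- end
-
- case filter_type
- when :before
- BeforeFilter.new(filter_kind, filter, options)
- when :after
- AfterFilter.new(filter_kind, filter, options)
- when :security
- SecurityFilter.new(filter_kind, filter, options)
- when :action_security
- ActionSecurityFilter.new(filter_kind, filter, options)
- else
- AroundFilter.new(filter_kind, filter, options)
- end
- end
- end
- end
-
- class Filter # :nodoc:
-
- # override to return true in appropriate subclass
- def security?
- false
- end
-
- def action_security?
- false
- end
- end
-
- # the customized security filter that sets the current user
- # and catches security exceptions
- class SecurityFilter < AroundFilter # :nodoc:
- def security?
- true
- end
- end
-
- # filter used to activate security for actions
- class ActionSecurityFilter < AroundFilter # :nodoc:
- def action_security?
- true
- end
- end
- end
+ #
+ # = lib/annotation_security/rails/extensions/filter/rails2.rb
+ #
+ # Patches rails 2 filter chain to allow security filters
+ #
+
+ # Extends ActiveRecord::Base and patches ActionController::Filters
+ #
+ # Performs additions to the rails filter chain. It basically adds two
+ # filters which may not be removed:
+ #
+ # 1) Before Fiter to initialize SecurityContext
+ # 2) Around Filter around actions
+ #
+ # The altered filter chain looks like this:
+ #
+ # * AnnotationSecurity::Rails::Filters::InitializeSecurity
+ # * ... other before filters
+ # * around filters ...
+ # * AnnotationSecurity::Rails::Filters::ApplySecurity
+ # * after filters
+ #
+
+ module ActionController # :nodoc:
+ module Filters # :nodoc:
+ class FilterChain # :nodoc:
+ def self.new(&block)
+ returning super do |filter_chain|
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Rails::Filters::InitializeSecurity], :security, &block)
+ filter_chain.append_filter_to_chain([AnnotationSecurity::Rails::Filters::ApplySecurity], :action_security, &block)
+ end
+ end
+
+ private
+
+ def find_filter_append_position(filters, filter_type)
+ # appending an after filter puts it at the end of the call chain
+ # before and around filters go after security filters and
+ # before the first after or action_security filter
+ #
+ return -1 if filter_type == :after
+
+ if filter_type == :security
+ #security filters are first filters in chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ else
+ each_with_index do |f,i|
+ return i if f.after? or f.action_security?
+ end
+ end
+ return -1
+ end
+
+ def find_filter_prepend_position(filters, filter_type)
+ if filter_type == :after
+ # after filters go before the first after filter in the chain
+ each_with_index do |f,i|
+ return i if f.after?
+ end
+ return -1
+ elsif filter_type == :security
+ return 0
+ else
+ # prepending a before or around filter puts it at the front of the call chain
+ each_with_index do |f,i|
+ return i unless f.security?
+ end
+ end
+ return 0 # Since first filter is security initialization filter
+ end
+
+ def find_or_create_filter(filter, filter_type, options = {})
+ update_filter_in_chain([filter], options)
+
+ if found_filter = find(filter) { |f| f.type == filter_type }
+ found_filter
+ else
+ filter_kind = case
+ when filter.respond_to?(:before) && filter_type == :before
+ :before
+ when filter.respond_to?(:after) && filter_type == :after
+ :after
+ else
+ :filter
+ end
+
+ case filter_type
+ when :before
+ BeforeFilter.new(filter_kind, filter, options)
+ when :after
+ AfterFilter.new(filter_kind, filter, options)
+ when :security
+ SecurityFilter.new(filter_kind, filter, options)
+ when :action_security
+ ActionSecurityFilter.new(filter_kind, filter, options)
+ else
+ AroundFilter.new(filter_kind, filter, options)
+ end
+ end
+ end
+ end
+
+ class Filter # :nodoc:
+
+ # override to return true in appropriate subclass
+ def security?
+ false
+ end
+
+ def action_security?
+ false
+ end
+ end
+
+ # the customized security filter that sets the current user
+ # and catches security exceptions
+ class SecurityFilter < AroundFilter # :nodoc:
+ def security?
+ true
+ end
+ end
+
+ # filter used to activate security for actions
+ class ActionSecurityFilter < AroundFilter # :nodoc:
+ def action_security?
+ true
+ end
+ end
+ end
  end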
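Review bot: `find_filter_prepend_position` still ends in `return 0`, which would place a prepended before or around filter ahead of InitializeSecurity if the chain ever held only security filters. That looks unreachable while `FilterChain.new` always appends ApplySecurity, but the filter order is what enforces the checks, so the fall-through deserves a comment stating that assumption, or a spec pinning it. In `FilterChain.new`, `returning super do |filter_chain|` replaces `super.tap`; `Object#returning` comes from ActiveSupport and, as far as I recall, was deprecated in later Rails 2.3 releases in favour of `tap`, so if older Ruby support is the reason a short comment should say so. The header names `lib/annotation_security/rails/extensions/filter/rails2.rb` while the file list places this file under `rails/2/extensions/filter.rb`, and the second comment paragraph still says it extends ActiveRecord::Base although only ActionController::Filters is reopened here.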