annotation_security 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +2 -0
- data/HOW-TO +261 -0
- data/MIT-LICENSE +18 -0
- data/README +39 -0
- data/Rakefile +56 -0
- data/assets/app/helpers/annotation_security_helper.rb +9 -0
- data/assets/config/initializers/annotation_security.rb +12 -0
- data/assets/config/security/relations.rb +20 -0
- data/assets/config/security/rights.yml +16 -0
- data/assets/vendor/plugins/annotation_security/init.rb +14 -0
- data/bin/annotation_security +8 -0
- data/lib/annotation_security/exceptions.rb +125 -0
- data/lib/annotation_security/exec.rb +189 -0
- data/lib/annotation_security/filters.rb +38 -0
- data/lib/annotation_security/includes/action_controller.rb +144 -0
- data/lib/annotation_security/includes/active_record.rb +28 -0
- data/lib/annotation_security/includes/helper.rb +215 -0
- data/lib/annotation_security/includes/resource.rb +85 -0
- data/lib/annotation_security/includes/role.rb +31 -0
- data/lib/annotation_security/includes/user.rb +27 -0
- data/lib/annotation_security/manager/policy_factory.rb +30 -0
- data/lib/annotation_security/manager/policy_manager.rb +80 -0
- data/lib/annotation_security/manager/relation_loader.rb +273 -0
- data/lib/annotation_security/manager/resource_manager.rb +36 -0
- data/lib/annotation_security/manager/right_loader.rb +88 -0
- data/lib/annotation_security/model_observer.rb +61 -0
- data/lib/annotation_security/policy/abstract_policy.rb +345 -0
- data/lib/annotation_security/policy/abstract_static_policy.rb +76 -0
- data/lib/annotation_security/policy/all_resources_policy.rb +21 -0
- data/lib/annotation_security/policy/rule.rb +340 -0
- data/lib/annotation_security/policy/rule_set.rb +139 -0
- data/lib/annotation_security/rails.rb +39 -0
- data/lib/annotation_security/user_wrapper.rb +74 -0
- data/lib/annotation_security/utils.rb +142 -0
- data/lib/annotation_security.rb +98 -0
- data/lib/extensions/action_controller.rb +33 -0
- data/lib/extensions/active_record.rb +35 -0
- data/lib/extensions/filter.rb +134 -0
- data/lib/extensions/object.rb +11 -0
- data/lib/security_context.rb +551 -0
- data/spec/annotation_security/exceptions_spec.rb +17 -0
- data/spec/annotation_security/includes/helper_spec.rb +82 -0
- data/spec/annotation_security/manager/policy_manager_spec.rb +15 -0
- data/spec/annotation_security/manager/resource_manager_spec.rb +17 -0
- data/spec/annotation_security/manager/right_loader_spec.rb +17 -0
- data/spec/annotation_security/policy/abstract_policy_spec.rb +17 -0
- data/spec/annotation_security/policy/all_resources_policy_spec.rb +24 -0
- data/spec/annotation_security/policy/rule_set_spec.rb +112 -0
- data/spec/annotation_security/policy/rule_spec.rb +78 -0
- data/spec/annotation_security/policy/test_policy_spec.rb +81 -0
- data/spec/annotation_security/security_context_spec.rb +78 -0
- data/spec/annotation_security/utils_spec.rb +74 -0
- data/spec/helper/test_controller.rb +66 -0
- data/spec/helper/test_helper.rb +5 -0
- data/spec/helper/test_relations.rb +7 -0
- data/spec/helper/test_resource.rb +39 -0
- data/spec/helper/test_rights.yml +5 -0
- data/spec/helper/test_role.rb +22 -0
- data/spec/helper/test_user.rb +32 -0
- data/spec/rails_stub.rb +38 -0
- data/spec/spec_helper.rb +43 -0
- metadata +157 -0
data/CHANGELOG
ADDED
data/HOW-TO
ADDED
@@ -0,0 +1,261 @@
|
|
1
|
+
= How to secure your Rails application with Annotation Security
|
2
|
+
|
3
|
+
== Step 0: Installing Annotation Security
|
4
|
+
|
5
|
+
Annotation Security comes as a gem hosted on rubygems.org. You can install it
|
6
|
+
via <tt>gem install annotation_security</tt>.
|
7
|
+
The gem contains a binary called <tt>annotation_security</tt>. It can be used to
|
8
|
+
install the security layer into a rails app via
|
9
|
+
<tt>annotation_security --rails RAILS_HOME</tt>. This will make your app ready to be
|
10
|
+
secured.
|
11
|
+
|
12
|
+
== Step 1: Defining user and roles
|
13
|
+
|
14
|
+
Annotation Security assumes that there is a user class, representing the user,
|
15
|
+
and some role classes containing additional information if the user has a
|
16
|
+
certain role in the application.
|
17
|
+
|
18
|
+
If you don't have user or role classes in your application,
|
19
|
+
continue with step 2.
|
20
|
+
|
21
|
+
=== User
|
22
|
+
|
23
|
+
In most cases the user class will be a subclass of ActiveRecord::Base,
|
24
|
+
but this is not necessary.
|
25
|
+
|
26
|
+
Include the module AnnotationSecurity::User into this class.
|
27
|
+
|
28
|
+
class User < ActiveRecord::Base
|
29
|
+
include AnnotationSecurity::User
|
30
|
+
...
|
31
|
+
|
32
|
+
=== Roles
|
33
|
+
|
34
|
+
Include the module AnnotationSecurity::Role into these classes. If you are
|
35
|
+
having a hierachy of role classes, only include the module in the topmost class.
|
36
|
+
|
37
|
+
class Role < ActiveRecord::Base
|
38
|
+
belongs_to :user
|
39
|
+
include AnnotationSecurity::Role
|
40
|
+
...
|
41
|
+
|
42
|
+
class Student < Role
|
43
|
+
# no include here
|
44
|
+
...
|
45
|
+
|
46
|
+
A role object should respond to +user+ with returning the user object
|
47
|
+
it belongs to.
|
48
|
+
|
49
|
+
Do not include both modules in one class!
|
50
|
+
|
51
|
+
=== Connecting user and roles
|
52
|
+
|
53
|
+
As next, you should provide some default methods for accessing the roles
|
54
|
+
of a user. You can skip this step, but it will be helpfull later on.
|
55
|
+
|
56
|
+
There are two types of access methods: <tt>is_ROLE?</tt> and +as_ROLE+.
|
57
|
+
|
58
|
+
IS-methods return true or false whether a user has a role or not.
|
59
|
+
class User < ActiveRecord::Base
|
60
|
+
def is_administrator?
|
61
|
+
self.admin_flag == 1
|
62
|
+
end
|
63
|
+
def is_student?
|
64
|
+
self.roles.any? { |role| role.is_a? Student }
|
65
|
+
end
|
66
|
+
...
|
67
|
+
|
68
|
+
AS-methods return a single object or an array of objects representing the role.
|
69
|
+
If the user does not have the role, the result should be an empty array or nil.
|
70
|
+
class User < ActiveRecord::Base
|
71
|
+
def as_administrator
|
72
|
+
# there is no administrator class, just return the user
|
73
|
+
is_administrator? ? self : nil
|
74
|
+
end
|
75
|
+
def as_student
|
76
|
+
# assuming a user can only be student once
|
77
|
+
self.roles.detect { |role| role.is_a? Student }
|
78
|
+
end
|
79
|
+
def as_corrector
|
80
|
+
# assuming a user can be a corrector several times
|
81
|
+
self.roles.select { |role| role.is_a? Corrector }
|
82
|
+
end
|
83
|
+
|
84
|
+
== Step 2: Providing the current credential
|
85
|
+
|
86
|
+
To evaluate the security policies, for each request the current credential has
|
87
|
+
to be provided. Therefore, a new filter type was introduced: security filters
|
88
|
+
are around filters that are always the first in the filter chain. You can also
|
89
|
+
use these filters to react to security violations.
|
90
|
+
|
91
|
+
In this example, the user is simply fetched from the session. However, you
|
92
|
+
could also pass a symbol or a string (e.g. if you are using API-keys).
|
93
|
+
|
94
|
+
Passing +nil+ will be interpreted as not being authenticated in any way.
|
95
|
+
|
96
|
+
class ApplicationController < ActionController::Base
|
97
|
+
|
98
|
+
security_filter :security_filter
|
99
|
+
|
100
|
+
private
|
101
|
+
|
102
|
+
def security_filter
|
103
|
+
SecurityContext.current_credential = session[:user]
|
104
|
+
yield
|
105
|
+
rescue SecurityViolationError
|
106
|
+
if SecurityContext.is? :logged_in
|
107
|
+
render :template => "welcome/not_allowed"
|
108
|
+
else
|
109
|
+
render :template => "welcome/please_login"
|
110
|
+
end
|
111
|
+
end
|
112
|
+
|
113
|
+
Please notice that once set, the credential cannot be changed.
|
114
|
+
|
115
|
+
== Step 3: Defining your resources
|
116
|
+
|
117
|
+
Another wild assumption we made is that your application contains some resources
|
118
|
+
you want to protect. In most cases, this will be your ActiveRecord classes.
|
119
|
+
To turn them into resources, just call <tt>resource(symbol)</tt> in the class
|
120
|
+
definition.
|
121
|
+
class Course < ActiveRecord::Base
|
122
|
+
resource :course
|
123
|
+
...
|
124
|
+
The symbol is used to further identify this class and should be unique.
|
125
|
+
|
126
|
+
It is possible (and likely) that the users and roles are resources as well.
|
127
|
+
|
128
|
+
If you want to restrict access to other resource classes, see
|
129
|
+
AnnotationSecurity::Resource for more information.
|
130
|
+
|
131
|
+
== Step 4: Defining relations and rights
|
132
|
+
|
133
|
+
in <tt>config/security</tt> you will find the files <tt>relations.rb</tt> and
|
134
|
+
<tt>rights.yml</tt>.
|
135
|
+
|
136
|
+
=== Relations
|
137
|
+
|
138
|
+
The relations between the user (or the roles) and the resources are defined
|
139
|
+
as code blocks, that evaluate to true or false.
|
140
|
+
|
141
|
+
The <tt>:as</tt>-flag causes that instead of the user object, a role object
|
142
|
+
will be passed into the block (using the +as_ROLE+-method from above).
|
143
|
+
Similar, the <tt>:is</tt>-flag can be used as precondition.
|
144
|
+
|
145
|
+
AnnotationSecurity.define_relations do
|
146
|
+
resource :course do
|
147
|
+
enrolled :as => :student { |student,course| course.students.include? student }
|
148
|
+
corrector :as => :corrector { |corrector,course| corrector.corrects? course }
|
149
|
+
lecturer :as => :lecturer { |lecturer,course| lecturer.lectures? course }
|
150
|
+
end
|
151
|
+
...
|
152
|
+
|
153
|
+
You can also define relations that are valid for all resources.
|
154
|
+
all_resources do
|
155
|
+
# corrector and lecturer are defined by the resource
|
156
|
+
responsible { corrector or lecturer }
|
157
|
+
# no block required here
|
158
|
+
administrator :is => :administrator
|
159
|
+
end
|
160
|
+
|
161
|
+
For more details and features on defining relations,
|
162
|
+
see AnnotationSecurity::RelationLoader.
|
163
|
+
|
164
|
+
=== Rights
|
165
|
+
|
166
|
+
The rights of application are specified in a YAML-file, they correspond to the
|
167
|
+
actions(not necessarily the controller actions) that can be performed on a
|
168
|
+
resource. For instance, to edit a course object, you will need the edit-right
|
169
|
+
for the course resource. If you are not sure which rights your application
|
170
|
+
needs, just skip this now and return after step 5.
|
171
|
+
|
172
|
+
Rights should be valid ruby conditional statements.
|
173
|
+
|
174
|
+
course:
|
175
|
+
create: if lecturer
|
176
|
+
show: if enrolled or responsible
|
177
|
+
edit: if responsible
|
178
|
+
|
179
|
+
AnnotationSecurity provides two default relations: +logged_in+, that is true
|
180
|
+
if there is a user at all, and +self+, that can be used to determine if a user
|
181
|
+
or role resource belongs to the current user.
|
182
|
+
|
183
|
+
user:
|
184
|
+
register: unless logged_in
|
185
|
+
show: if logged_in
|
186
|
+
edit: if self or administrator
|
187
|
+
student:
|
188
|
+
show_results: if self
|
189
|
+
|
190
|
+
To improve readability, you can append 'may', 'is', 'can' or 'has' as prefix and
|
191
|
+
'for', 'in', 'of' or 'to' as suffix to the relation name.
|
192
|
+
This is especially recommended if you are defining rights that depend on
|
193
|
+
other rights of the resource.
|
194
|
+
|
195
|
+
assignment:
|
196
|
+
edit: if responsible
|
197
|
+
delete: if may_edit
|
198
|
+
|
199
|
+
Another example can be found at AnnotationSecurity::RightLoader.
|
200
|
+
|
201
|
+
== Step 5: Securing your actions
|
202
|
+
|
203
|
+
The main goal of AnnotationSecurity was to remove security logic from
|
204
|
+
controller actions. Now you only have to define the abstract effects of an
|
205
|
+
action.
|
206
|
+
|
207
|
+
An action performs one or more tasks on different resources. You have to provide
|
208
|
+
this information as a descriptions, using the
|
209
|
+
{Action Annotation Gem}[http://comasy.nixis.de].
|
210
|
+
A description always has the form 'ACTION on RESOURCE'.
|
211
|
+
|
212
|
+
desc 'shows a course'
|
213
|
+
def show
|
214
|
+
@course = Course.find(params[:id])
|
215
|
+
end
|
216
|
+
|
217
|
+
To perform a task, the user must have the right for it. Thus, when a course is
|
218
|
+
fetched from the database during the show-action, the right course/show will be
|
219
|
+
evaluated for the current user and the course instance.
|
220
|
+
|
221
|
+
In our example, the user has to be responsible or enrolled. If both relations
|
222
|
+
evaluate to false, the right is not given and access will be denied by raising
|
223
|
+
a SecurityViolationError, which will then be catched in the security filter.
|
224
|
+
|
225
|
+
Congratulations, you Rails application is secured now.
|
226
|
+
|
227
|
+
== Step 6: Securing your views
|
228
|
+
|
229
|
+
However, actions aren't the only place with security code. Links to the actions
|
230
|
+
are shown in the view and very often, the view itself depends on the
|
231
|
+
user's rights.
|
232
|
+
|
233
|
+
When setting up Annotation Security in your Rails project, a helper will be
|
234
|
+
included automatically. The most important functions this helper provides are
|
235
|
+
<tt>allowed?</tt> and +link_to_if_allowed+.
|
236
|
+
|
237
|
+
The method <tt>allowed?</tt> expects a right and a resource and returns true iif
|
238
|
+
the current user has that right.
|
239
|
+
|
240
|
+
<% unless allowed? :edit, @course %>
|
241
|
+
<p>You may not edit this course!</p>
|
242
|
+
<% end %>
|
243
|
+
|
244
|
+
+link_to_if_allowed+ expects the same arguments as +link_to+, except it also
|
245
|
+
expects a block like +link_to_if+ (which will be called internally).
|
246
|
+
|
247
|
+
<%= link_to_if_allowed("New", new_course_path) { "You may not create a new course." } %>
|
248
|
+
<%= link_to_if_allowed("Edit", edit_course_path(@course)) { } %>
|
249
|
+
<%= link_to_if_allowed("Delete", @course, {:method => :delete}) { } %>
|
250
|
+
|
251
|
+
+link_to_if_allowed+ tries to automatically detect the accessed resources.
|
252
|
+
In case this should not work for you, see AnnotationSecurity::Helper for more
|
253
|
+
features.
|
254
|
+
|
255
|
+
== Step 7: Live long and prosper
|
256
|
+
|
257
|
+
Well, that's it. Here are some additional notes:
|
258
|
+
* in development mode, the rights and relations are reloaded with every request.
|
259
|
+
* See AnnotationSecurity::RelationLoader and AnnotationSecurity::RightLoader
|
260
|
+
for more examples and features for defining relations and rights.
|
261
|
+
* See AnnotationSecurity::Helper for more methods for securing your views.
|
data/MIT-LICENSE
ADDED
@@ -0,0 +1,18 @@
|
|
1
|
+
Copyright (c) 2009 Nico Rehwaldt, Arian Treffer
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining a copy of
|
4
|
+
this software and associated documentation files (the "Software"), to deal in
|
5
|
+
the Software without restriction, including without limitation the rights to
|
6
|
+
use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
|
7
|
+
the Software, and to permit persons to whom the Software is furnished to do so,
|
8
|
+
subject to the following conditions:
|
9
|
+
|
10
|
+
The above copyright notice and this permission notice shall be included in all
|
11
|
+
copies or substantial portions of the Software.
|
12
|
+
|
13
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
14
|
+
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
|
15
|
+
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
|
16
|
+
COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
|
17
|
+
IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
|
18
|
+
CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README
ADDED
@@ -0,0 +1,39 @@
|
|
1
|
+
== AnnotationSecurity plugin for Ruby on Rails
|
2
|
+
|
3
|
+
This plugin provides a security layer for rails applications. It performs access
|
4
|
+
checks based on a behavioural description of controller actions. Security rules
|
5
|
+
are defined cleanly separated from your models and controllers.
|
6
|
+
|
7
|
+
== Installation steps
|
8
|
+
|
9
|
+
The security layer is a gem and may be installed using
|
10
|
+
<tt>gem install annotation_security</tt>.
|
11
|
+
|
12
|
+
After installing the gem, run <tt>annotation_security --rails RAILS_HOME</tt> to
|
13
|
+
integrate the security layer in your rails app. Along with the
|
14
|
+
annotation_security plugin this will add
|
15
|
+
|
16
|
+
* the AnnotationSecurity::Helper in the <tt>app/helpers</tt> folder of your
|
17
|
+
rails-app. It provides some useful methods to create links and query the
|
18
|
+
security layer from views.
|
19
|
+
* example configuration files to setup the security layer under <tt>config/security</tt>
|
20
|
+
* an initializer for the security layer under <tt>config/initializer</tt>
|
21
|
+
|
22
|
+
== Where to start
|
23
|
+
|
24
|
+
You can find a basic introduction how to secure your application {here}[link:files/HOW-TO.html].
|
25
|
+
In order to get a detailed idea about how things work, have a deeper look
|
26
|
+
inside AnnotationSecurity::ActionController (how to secure your application),
|
27
|
+
AnnotationSecurity::RightLoader (how to setup rights) and
|
28
|
+
AnnotationSecurity::RelationLoader (how to setup relations).
|
29
|
+
|
30
|
+
Have a look at the view methods provided by the AnnotationSecurity::Helper as
|
31
|
+
well and at the SecurityContext which is the main entry-point for security related
|
32
|
+
functionality in the layer.
|
33
|
+
|
34
|
+
== License
|
35
|
+
|
36
|
+
Copyright Nico Rehwaldt, Arian Treffer 2009, 2010
|
37
|
+
|
38
|
+
You may use, copy and redistribute this library under the same terms as
|
39
|
+
{Ruby itself}[http://www.ruby-lang.org/en/LICENSE.txt] or under the MIT license.
|
data/Rakefile
ADDED
@@ -0,0 +1,56 @@
|
|
1
|
+
#
|
2
|
+
# To change this template, choose Tools | Templates
|
3
|
+
# and open the template in the editor.
|
4
|
+
|
5
|
+
|
6
|
+
require 'rubygems'
|
7
|
+
require 'rake'
|
8
|
+
require 'rake/clean'
|
9
|
+
require 'rake/gempackagetask'
|
10
|
+
require 'rake/rdoctask'
|
11
|
+
require 'spec/rake/spectask'
|
12
|
+
|
13
|
+
spec = Gem::Specification.new do |s|
|
14
|
+
s.name = 'annotation_security'
|
15
|
+
s.version = '1.0.1'
|
16
|
+
s.has_rdoc = true
|
17
|
+
s.extra_rdoc_files = ['README', 'MIT-LICENSE', 'CHANGELOG', 'HOW-TO']
|
18
|
+
s.summary = 'A role based security model for rails applications with ' +
|
19
|
+
'descriptive definitions and automated evaluation.'
|
20
|
+
s.description =
|
21
|
+
'AnnotationSecurity provides a role based security model with automated ' +
|
22
|
+
'rule evaluation for Ruby on Rails. It allows you to define user-resource-'+
|
23
|
+
'relations and rights in separate files, keeping your controllers and ' +
|
24
|
+
'views free from any security logic. See the gem\'s homepage for an ' +
|
25
|
+
'example.'
|
26
|
+
s.author = 'Nico Rehwaldt, Arian Treffer'
|
27
|
+
s.email = 'ruby@nixis.de'
|
28
|
+
s.homepage = 'http://tech.lefedt.de/2010/3/annotation-based-security-for-rails'
|
29
|
+
s.add_dependency 'action_annotation', '>= 1.0.1'
|
30
|
+
s.add_dependency 'activesupport', '>= 2.3.5'
|
31
|
+
s.add_development_dependency 'rspec', '>= 1.2.0'
|
32
|
+
s.add_development_dependency 'mocha', '>= 0.9.8'
|
33
|
+
s.executables = ['annotation_security']
|
34
|
+
s.files = %w(CHANGELOG MIT-LICENSE README HOW-TO Rakefile) + Dir.glob("{bin,lib,spec,assets}/**/*")
|
35
|
+
s.require_path = "lib"
|
36
|
+
s.bindir = "bin"
|
37
|
+
end
|
38
|
+
|
39
|
+
Rake::GemPackageTask.new(spec) do |p|
|
40
|
+
p.gem_spec = spec
|
41
|
+
p.need_tar = true
|
42
|
+
p.need_zip = true
|
43
|
+
end
|
44
|
+
|
45
|
+
Rake::RDocTask.new do |rdoc|
|
46
|
+
files = ['README', 'MIT-LICENSE', 'CHANGELOG', 'HOW-TO', 'lib/**/*.rb']
|
47
|
+
rdoc.rdoc_files.add(files)
|
48
|
+
rdoc.main = "README" # page to start on
|
49
|
+
rdoc.title = "Annotation Security Docs"
|
50
|
+
rdoc.rdoc_dir = 'doc' # rdoc output folder
|
51
|
+
rdoc.options << '--line-numbers'
|
52
|
+
end
|
53
|
+
|
54
|
+
Spec::Rake::SpecTask.new do |t|
|
55
|
+
t.spec_files = FileList['spec/**/*_spec.rb']
|
56
|
+
end
|
@@ -0,0 +1,9 @@
|
|
1
|
+
#
|
2
|
+
# = app/helpers/annotation_security_helper.rb
|
3
|
+
#
|
4
|
+
# This helper provides some useful view methods to be used in conjunction with
|
5
|
+
# the plugin. See AnnotationSecurity::Helper for documentation.
|
6
|
+
#
|
7
|
+
module AnnotationSecurityHelper
|
8
|
+
include AnnotationSecurity::Helper
|
9
|
+
end
|
@@ -0,0 +1,12 @@
|
|
1
|
+
#
|
2
|
+
# = config/initializers/annotation_security.rb
|
3
|
+
#
|
4
|
+
# Sets up files under <tt>config/security</tt> which hold
|
5
|
+
# the security configuration.
|
6
|
+
|
7
|
+
#
|
8
|
+
# Add your own files here if they should also be loaded.
|
9
|
+
#
|
10
|
+
AnnotationSecurity.load_relations('relations')
|
11
|
+
AnnotationSecurity.load_rights('rights')
|
12
|
+
# AnnotationSecurity.load_rights('rights', 'rb) # loads rights from a ruby file
|
@@ -0,0 +1,20 @@
|
|
1
|
+
AnnotationSecurity.define_relations do
|
2
|
+
|
3
|
+
# All relations are defined in the context of a resource.
|
4
|
+
# The block should return true iif the user has this relations.
|
5
|
+
|
6
|
+
# all_resources do
|
7
|
+
# administrator(:system, :is => :administrator)
|
8
|
+
# owner_or_admin(:pretest){ owner or administrator }
|
9
|
+
# owner(:system) { |user| user.status == :registered }
|
10
|
+
# end
|
11
|
+
|
12
|
+
# resource :album do
|
13
|
+
# owner { |user, album| album.owner == user }
|
14
|
+
# end
|
15
|
+
|
16
|
+
# resource :picture do
|
17
|
+
# owner "if owner: album"
|
18
|
+
# end
|
19
|
+
|
20
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
#all_resources:
|
2
|
+
# show: if logged_in
|
3
|
+
# edit: if may_show
|
4
|
+
# delete: if may_edit
|
5
|
+
#
|
6
|
+
#welcome:
|
7
|
+
# show: if logged_in
|
8
|
+
# register: unless logged_in
|
9
|
+
#
|
10
|
+
#picture:
|
11
|
+
# show: if owner or friend
|
12
|
+
#
|
13
|
+
#user_content:
|
14
|
+
# applies_to: picture, comment
|
15
|
+
# create: if logged_in
|
16
|
+
# edit: if owner
|
@@ -0,0 +1,14 @@
|
|
1
|
+
#
|
2
|
+
# = init.rb
|
3
|
+
#
|
4
|
+
# This file will be copied to a rails apps `vendors/plugins/annotation_security`
|
5
|
+
# directory if the annotation_security gem is installed into a rails app
|
6
|
+
# via `annosec --rails`. It will be invoked by the rails app during startup an
|
7
|
+
# loads the security layer.
|
8
|
+
#
|
9
|
+
|
10
|
+
require "annotation_security"
|
11
|
+
|
12
|
+
# Initialize security layer for rails root
|
13
|
+
puts "Initializing AnnotationSecurity security layer"
|
14
|
+
AnnotationSecurity::init_rails(binding)
|
@@ -0,0 +1,125 @@
|
|
1
|
+
#
|
2
|
+
# = lib/annotation_security/exceptions.rb
|
3
|
+
#
|
4
|
+
# Provides some Exceptions used within AnnotationSecurity
|
5
|
+
|
6
|
+
module AnnotationSecurity
|
7
|
+
|
8
|
+
# Superclass of all security related errors thrown by anno sec
|
9
|
+
class SecurityError < StandardError # :nodoc:
|
10
|
+
end
|
11
|
+
|
12
|
+
end
|
13
|
+
|
14
|
+
# Exception indicating that some rights were violated.
|
15
|
+
#
|
16
|
+
class SecurityViolationError < AnnotationSecurity::SecurityError
|
17
|
+
|
18
|
+
def self.access_denied(user,*args) # :nodoc:
|
19
|
+
new(user,*args)
|
20
|
+
end
|
21
|
+
|
22
|
+
def initialize(user=nil,*args) # :nodoc:
|
23
|
+
if user == nil || args.empty?
|
24
|
+
super "Access denied"
|
25
|
+
else
|
26
|
+
super load_args(user,args)
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def load_args(user,args) # :nodoc:
|
31
|
+
@user = user
|
32
|
+
@action,@resclass,@res = AnnotationSecurity::Utils.parse_policy_arguments(args)
|
33
|
+
"You (#@user) are missing the right '#@action' for #@resclass" +
|
34
|
+
(@res.blank? ? '' : " '#@res'")
|
35
|
+
end
|
36
|
+
|
37
|
+
# user that violated the right
|
38
|
+
#
|
39
|
+
def user
|
40
|
+
@user
|
41
|
+
end
|
42
|
+
|
43
|
+
# the action that should have been performed on the resource object
|
44
|
+
#
|
45
|
+
def action
|
46
|
+
@action
|
47
|
+
end
|
48
|
+
|
49
|
+
# the resource type
|
50
|
+
#
|
51
|
+
def resource_class
|
52
|
+
@resclass
|
53
|
+
end
|
54
|
+
|
55
|
+
# the resource that was accessed
|
56
|
+
#
|
57
|
+
def resource
|
58
|
+
@res
|
59
|
+
end
|
60
|
+
end
|
61
|
+
|
62
|
+
module AnnotationSecurity
|
63
|
+
|
64
|
+
# = AnnotationSecurity::RuleError
|
65
|
+
#
|
66
|
+
# Will be raised if a right or relation is defined twice
|
67
|
+
# or has an invalid name.
|
68
|
+
#
|
69
|
+
class RuleError < SecurityError
|
70
|
+
def self.defined_twice(type,rule) # :nodoc:
|
71
|
+
new "The #{type} #{rule} is defined twice"
|
72
|
+
end
|
73
|
+
|
74
|
+
def self.forbidden_name(type,rule) # :nodoc:
|
75
|
+
new "#{rule} is not allowed as #{type} name"
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
# = AnnotationSecurity::RuleExecutionError
|
80
|
+
#
|
81
|
+
# Will be raised if an error occured while evaluation a right or relation.
|
82
|
+
#
|
83
|
+
class RuleExecutionError < RuleError
|
84
|
+
|
85
|
+
def initialize(rule, proc=false, ex = nil) # :nodoc:
|
86
|
+
if ex
|
87
|
+
log_backtrace(proc,ex)
|
88
|
+
super("An error occured while evaluating #{rule}: \n" +
|
89
|
+
ex.class.name + ": " + ex.message)
|
90
|
+
else
|
91
|
+
super("An error occured while evaluating #{rule}")
|
92
|
+
end
|
93
|
+
end
|
94
|
+
|
95
|
+
def set_backtrace(array) # :nodoc:
|
96
|
+
super((@bt || []) + array[1..-1])
|
97
|
+
end
|
98
|
+
|
99
|
+
private
|
100
|
+
|
101
|
+
# Select all lines of the backtrace above "rule.rb evaluate".
|
102
|
+
# so they can be appended to the backtrace
|
103
|
+
def log_backtrace(proc,ex)
|
104
|
+
return unless proc
|
105
|
+
backtrace = ex.backtrace
|
106
|
+
stop = backtrace.find { |l| l =~ /rule\.rb(.*)`evaluate'/ }
|
107
|
+
stop = backtrace.index(stop) || 5
|
108
|
+
backtrace = backtrace.first(stop)
|
109
|
+
@bt = backtrace.reject { |l| l =~ /annotation_security|active_support/ }
|
110
|
+
end
|
111
|
+
|
112
|
+
end
|
113
|
+
|
114
|
+
# = AnnotationSecurity::RuleNotFoundError
|
115
|
+
#
|
116
|
+
# Will be raised when attempting to acces a right or relation that was not
|
117
|
+
# defined.
|
118
|
+
#
|
119
|
+
class RuleNotFoundError < RuleError
|
120
|
+
def self.for_rule(rname,policy_class)
|
121
|
+
new("Unknown #{policy_class.static? ? 'static' : 'dynamic'} " +
|
122
|
+
"rule '#{rname}' for #{policy_class.name}")
|
123
|
+
end
|
124
|
+
end
|
125
|
+
end
|