authoritah 0.0.4 → 0.0.5
- data/README.rdoc +8 -3
- data/lib/authoritah.rb +4 -1
- data/spec/authoritah_spec.rb +49 -0
- metadata +3 -3
data/README.rdoc
CHANGED
@@ -19,16 +19,21 @@ By default (i.e. when no Authoritah declarations are made) all requests are allo
|
|
19
19
|
permits :current_user => :admin?
|
20
20
|
end
|
21
21
|
|
22
|
-
This is a wildcard rule. It assumes you have a method on your controller called "current_user" (as something like restful_authentication or authlogic would provide) that returns an object that can respond to an admin? message - the rule will pass if admin? returns true. Once a permit rule is defined access to the actions of this controller are ONLY permitted if you fulfill the predicate.
|
22
|
+
This is a wildcard rule. It assumes you have a method on your controller called "current_user" (as something like restful_authentication or authlogic would provide) that returns an object that can respond to an admin? message - the rule will pass if admin? returns true (or more strictly, non-false). Once a permit rule is defined access to the actions of this controller are ONLY permitted if you fulfill the predicate. If you just have a case where you have a method on your controller to check authorisation, you can do the following:
|
23
23
|
|
24
24
|
class WidgetController < ApplicationController
|
25
25
|
|
26
|
-
permits :
|
27
|
-
permits :current_user => :logged_in?, :to => :show
|
26
|
+
permits :logged_in?
|
28
27
|
end
|
29
28
|
|
30
29
|
What about if we only want to control access to certain actions? Easy, add a :to option and pass it an action or array of actions. You can add as many rules and scope them by action - Authoritah will ensure that a request is only permitted if all rules for a given action pass.
|
31
30
|
|
31
|
+
class WidgetController < ApplicationController
|
32
|
+
|
33
|
+
permits :current_user => :admin?, :to => [:create, :destroy]
|
34
|
+
permits :current_user => :logged_in?, :to => :show
|
35
|
+
end
|
36
|
+
|
32
37
|
You also have the ability to expressly forbid access using the forbids directive:
|
33
38
|
|
34
39
|
class WidgetController < ApplicationController
|
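--- a/data/lib/authoritah.rb
+++ b/data/lib/authoritah.rb
@@ -26,10 +26,11 @@ module Authoritah
 
 def apply_declaration(perm_type, action_identifier, args)
 options = args.extract_options!
+args.each {|a| options[a] = nil}
 actions = options.delete(action_identifier)
 
 check_role_selectors(options)
-
+
 role_method = options.to_a.first[0]
 role_predicate = options.to_a.first[1]
 
@@ -113,6 +114,8 @@ module Authoritah
 controller.send(permission[:role_method]).send(permission[:role_predicate])
 elsif permission[:role_predicate].is_a? Proc
 permission[:role_predicate].call(controller.send(permission[:role_method]))
+elsif permission[:role_predicate] == nil
+controller.send(permission[:role_method])
 else
 false
 end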
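--- a/data/spec/authoritah_spec.rb
+++ b/data/spec/authoritah_spec.rb
@@ -26,6 +26,17 @@ describe Authoritah::Controller do
 TestAuthorizerController.permits(:current_user => :logged_in?, :another_user => :logged_out?)
 end.should raise_error(Authoritah::Controller::OptionsError)
 end
+
+describe "a basic permits wildcard rule with no predicate" do
+before(:each) do
+TestAuthorizerController.permits(:current_user)
+@permissions = TestAuthorizerController.send(:controller_permissions)[:test_authorizer]
+end
+it "should have one permission" do @permissions.size.should == 1 end
+it "should use current_user to retrieve the 'role object'" do @permissions.first[:role_method].should == :current_user end
+it "should have nil predicate method" do @permissions.first[:role_predicate].should == nil end
+it "should not specify the actions" do @permissions.first[:actions].should == [:all] end
+end
 
 describe "a basic permits wildcard rule" do
 before(:each) do
@@ -70,6 +81,32 @@ describe TestAuthorizerController, :type => :controller do
 end
 
 describe "specifying permit rules" do
+context "with a wildcard permission (no predicate)" do
+before(:each) do
+TestAuthorizerController.permits(:current_user)
+end
+
+context "a user exists" do
+before(:each) do
+controller.stubs(:current_user => true)
+end
+it "should render index" do
+get :index
+response.should render_template('index')
+end
+end
+context "an unauthenticated user" do
+before(:each) do
+controller.stubs(:current_user => false)
+end
+it "should receive a 404" do
+get :index
+response.status.should == "404 Not Found"
+response.should render_template(File.join(RAILS_ROOT, 'public', '/404.html'))
+end
+end
+end
+
 context "with a wildcard permission" do
 before(:each) do
 TestAuthorizerController.permits(:current_user => :logged_in?)
@@ -207,4 +244,16 @@ describe TestAuthorizerController, :type => :controller do
 end
 end
 end
+
+describe "overriding check_permissions" do
+before(:each) do
+TestAuthorizerController.permits(:current_user => :logged_in?)
+TestAuthorizerController.send(:define_method, :check_permissions) do
+return true if permitted?(action_name.to_sym)
+redirect_to root_url
+false
+end
+end
+it "should redirect to / instead of rendering /404.html" do get :index; response.should redirect_to(root_url) end
+end
 end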
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: authoritah
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.5
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Steven Mohapi-Banks
|
@@ -9,7 +9,7 @@ autorequire:
|
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
11
|
|
12
|
-
date: 2009-
|
12
|
+
date: 2009-10-05 00:00:00 +01:00
|
13
13
|
default_executable:
|
14
14
|
dependencies:
|
15
15
|
- !ruby/object:Gem::Dependency
|
@@ -80,7 +80,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
80
80
|
requirements: []
|
81
81
|
|
82
82
|
rubyforge_project:
|
83
|
-
rubygems_version: 1.3.
|
83
|
+
rubygems_version: 1.3.4
|
84
84
|
signing_key:
|
85
85
|
specification_version: 3
|
86
86
|
summary: A really simple authorization plugin for Rails.
|