authorizer 0.0.4 → 0.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +25 -3
- data/lib/authorizer.rb +1 -1
- data/lib/authorizer/base.rb +11 -5
- metadata +13 -10
data/README.rdoc
CHANGED
|
@@ -36,9 +36,31 @@ Now if we would allow Bob to also access the News folder but only read from it,
|
|
|
36
36
|
|
|
37
37
|
This is exactly what Authorizer does for your Rails application.
|
|
38
38
|
|
|
39
|
-
==
|
|
39
|
+
== PROBLEMS:
|
|
40
40
|
|
|
41
|
-
|
|
41
|
+
In development mode, classes are lazy loaded. This will cause Authorizer to not find all subclasses of your class the *second* time you load any page with your development mode server. In development mode, subclasses are loaded ONLY when they are included, so a given class could not have any children at a given time even though you might have defined some! AFAIK there are two possible solutions: 1) reload the subclasses at runtime (workaround) or 2) persist the object hierarchy (comes with synchronisation problems).
|
|
42
|
+
|
|
43
|
+
For development mode, use this workaround:
|
|
44
|
+
|
|
45
|
+
class LegalEntity
|
|
46
|
+
def self.my_subclasses
|
|
47
|
+
[ "Company", "Foundation", "Person" ]
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
if Rails.env.development?
|
|
51
|
+
LegalEntity.my_subclasses.each do |sc|
|
|
52
|
+
require_dependency File.join("app", "models", "#{sc.downcase}.rb")
|
|
53
|
+
end
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
|
|
57
|
+
In other words, when using Authorizer with Single Table Inheritance (STI), you must include the above code snippet in any class that has subclasses and is subject to authorization.
|
|
58
|
+
|
|
59
|
+
More material on this subject:
|
|
60
|
+
http://code.alexreisner.com/articles/single-table-inheritance-in-rails.html
|
|
61
|
+
http://sean-carley.blogspot.com/2006/05/when-rails-needs-clue-single-table.html
|
|
62
|
+
|
|
63
|
+
The 'lazy loading of subclasses' only pertains to development mode, not to production and test.
|
|
42
64
|
|
|
43
65
|
== SYNOPSIS:
|
|
44
66
|
|
|
@@ -92,7 +114,7 @@ Authorizer uses ActiveRecord observers to make sure it doesn't make any mess, fo
|
|
|
92
114
|
== REQUIREMENTS:
|
|
93
115
|
|
|
94
116
|
- Ruby (this gem was tested with 1.8.7)
|
|
95
|
-
- Rails 2.3 (tested with 2.3.11 and 2.3.12)
|
|
117
|
+
- Rails 2.3 (tested with 2.3.11 and 2.3.12 and 2.3.14)
|
|
96
118
|
- An authentication mechanism such as Authlogic for authentication (tested with authlogic 2.1.6)
|
|
97
119
|
|
|
98
120
|
Optional:
|
data/lib/authorizer.rb
CHANGED
data/lib/authorizer/base.rb
CHANGED
|
@@ -283,11 +283,17 @@ module Authorizer
|
|
|
283
283
|
############################################################################
|
|
284
284
|
|
|
285
285
|
def self.internal_find(options = {})
|
|
286
|
-
#
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
286
|
+
# what is not mandatory anymore. If for example nil is specified, that's completely OK
|
|
287
|
+
# because ActiveRecord::Base will then raise for us.
|
|
288
|
+
#OptionsChecker.check(options, [ :what, :class_name ])
|
|
289
|
+
OptionsChecker.check(options, [ :class_name ])
|
|
290
|
+
|
|
291
|
+
# Normally the class name would have to be specified as a String.
|
|
292
|
+
# e.g. Authorizer::Base.find("Post", ...)
|
|
293
|
+
# Convert it to String always so it will be picked up by the begin rescue end right underneath here.
|
|
294
|
+
# So we can use this:
|
|
295
|
+
# Authorizer::Base.find(Post) as well.
|
|
296
|
+
class_name = options[:class_name].to_s
|
|
291
297
|
what = options[:what]
|
|
292
298
|
find_options = options[:find_options] || {}
|
|
293
299
|
user = options[:user] || get_current_user # Default is current user, but the specified user will override.
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: authorizer
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
5
|
-
prerelease:
|
|
4
|
+
hash: 21
|
|
5
|
+
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 0
|
|
9
|
-
-
|
|
10
|
-
version: 0.0.
|
|
9
|
+
- 5
|
|
10
|
+
version: 0.0.5
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- CmdJohnson
|
|
@@ -15,7 +15,8 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2011-
|
|
18
|
+
date: 2011-12-30 00:00:00 +01:00
|
|
19
|
+
default_executable:
|
|
19
20
|
dependencies:
|
|
20
21
|
- !ruby/object:Gem::Dependency
|
|
21
22
|
name: options_checker
|
|
@@ -39,13 +40,14 @@ dependencies:
|
|
|
39
40
|
requirement: &id002 !ruby/object:Gem::Requirement
|
|
40
41
|
none: false
|
|
41
42
|
requirements:
|
|
42
|
-
- -
|
|
43
|
+
- - ">="
|
|
43
44
|
- !ruby/object:Gem::Version
|
|
44
|
-
hash:
|
|
45
|
+
hash: 47
|
|
45
46
|
segments:
|
|
46
47
|
- 2
|
|
47
|
-
-
|
|
48
|
-
|
|
48
|
+
- 8
|
|
49
|
+
- 0
|
|
50
|
+
version: 2.8.0
|
|
49
51
|
type: :development
|
|
50
52
|
version_requirements: *id002
|
|
51
53
|
description: |-
|
|
@@ -108,6 +110,7 @@ files:
|
|
|
108
110
|
- lib/authorizer/user_observer.rb
|
|
109
111
|
- app/models/object_role.rb
|
|
110
112
|
- rails/init.rb
|
|
113
|
+
has_rdoc: true
|
|
111
114
|
homepage: https://github.com/cmdjohnson/authorizer
|
|
112
115
|
licenses: []
|
|
113
116
|
|
|
@@ -138,7 +141,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
138
141
|
requirements: []
|
|
139
142
|
|
|
140
143
|
rubyforge_project: authorizer
|
|
141
|
-
rubygems_version: 1.
|
|
144
|
+
rubygems_version: 1.3.7
|
|
142
145
|
signing_key:
|
|
143
146
|
specification_version: 3
|
|
144
147
|
summary: Authorizer is a gem for Ruby (in conjunction with Rails 2.3) that does authorization for you on a per-object basis
|