authorizer 0.0.2 → 0.0.3

data/README.rdoc

@@ -100,9 +100,11 @@ Optional:
 
 == INSTALL:
 
- 1. sudo gem install authorizer
- 2. add "authorizer" to your Gemfile (I hope you've stopped using config.gem already even if you are on Rails 2.3?)
- 3. generate a migration for authorization objects:
+Step 1. sudo gem install authorizer
+
+Step 2. add "authorizer" to your Gemfile (I hope you've stopped using config.gem already even if you are on Rails 2.3?)
+
+Step 3. generate a migration for authorization objects:
 
  script/generate migration CreateObjectRoles
 
@@ -123,8 +125,9 @@ Paste this code into the newly generated file:
   drop_table :object_roles
  end
 
- 4. run "rake db:migrate" to migrate your database
- 5. Add these lines to your app/controllers/application_controller.rb:
+Step 4. run "rake db:migrate" to migrate your database
+
+Step 5. Add these lines to your app/controllers/application_controller.rb:
 
   require 'authorizer/exceptions'
 
@@ -133,7 +136,7 @@ Paste this code into the newly generated file:
     render :file => "#{Rails.root}/public/403.html", :status => 403
   end
 
- 6. Download the file public/403.html from {authorizer_project}[https://github.com/cmdjohnson/authorizer_project] and copy it to your own app.
+Step 6. Download the file public/403.html from {authorizer_project}[https://github.com/cmdjohnson/authorizer_project] and copy it to your own app.
  
 That's it!
 

data/lib/authorizer.rb

@@ -3,5 +3,5 @@ $:.unshift(File.dirname(__FILE__)) unless
   $:.include?(File.dirname(__FILE__)) || $:.include?(File.expand_path(File.dirname(__FILE__)))
 
 module Authorizer
-  VERSION = '0.0.2'
+  VERSION = '0.0.3'
 end

data/lib/authorizer/base.rb

@@ -11,28 +11,36 @@ require 'authorizer/application_controller'
 
 module Authorizer
   class Base < ApplicationController
-    ############################################################################
-    # authorize_user
+    # Authorize the current user (retrieved by calling current_user on the object passed using the :object parameter.
+    # The user can also be explicly spcified using :user.
+    # If no :role is specified, "owner" is used.
+    # 
+    # Params:
+    #  - :user (default: current_user)
+    #  - :object
+    #  - :role
     #
-    # If no user is specified, authorizes the current user.
-    # If no role is specified, "owner" is used as role.
-    ############################################################################
-
-    def self.authorize_user(options)
-      OptionsChecker.check(options, [ :object ])
-
+    # Example: Authorizer::Base.authorize_user :object => object
+    def self.authorize_user(options = {})
       ret = false
 
       object = options[:object]
       role = options[:role] || "owner"
       user = options[:user] || get_current_user
+      
+      # User can specify the object using a block, too.
+      if block_given?
+        object = yield
+      end
 
       return false if basic_check_fails?(options)
 
       check_user(user)
       # Checks done. Let's go.
 
-      or_ = find_object_role(object, user)
+      if !object.nil? && !user.nil?
+        or_ = find_object_role(object, user)
+      end
 
       # This time, we want it to be nil.
       if or_.nil? && !user.nil?
@@ -47,12 +55,10 @@ module Authorizer
       ret
     end
 
-    ############################################################################
-    # authorize!
-    #
-    # Bang version of authorize
-    ############################################################################
-
+    # Return true if a user is authorized to act upon this object. Raises Authorizer::UserNotAuthorized upon failure. 
+    # Params:
+    # - :user (default: current_user)
+    # - :object
     def self.authorize! options = {}
       auth_ok = user_is_authorized?(options)
 
@@ -71,12 +77,10 @@ module Authorizer
       auth_ok
     end
 
-    ############################################################################
-    # user_is_authorized?
-    #
-    # If no user is specified, current_user is used.
-    ############################################################################
-
+    # Return true if a user is authorized to act upon this object. Return false if this is not the case.
+    # Params:
+    # - :user (default: current_user)
+    # - :object
     def self.user_is_authorized? options = {}
       OptionsChecker.check(options, [ :object ])
 
@@ -108,17 +112,19 @@ module Authorizer
       ret
     end
 
-    # Could't get alias_method to work. Don't ask me why.
+    # Return true if a user is authorized to act upon this object. Return false if this is not the case.
+    # Synonym for user_is_authorized?
+    # Params:
+    # - :user (default: current_user)
+    # - :object
     def self.authorize(options = {})
-      user_is_authorized?(options)
+      user_is_authorized?(options) # Could't get alias_method to work. Don't ask me why.
     end
 
-    ############################################################################
-    # remove_authorization
-    ############################################################################
-    # Remove authorization a user has on a certain object.
-    ############################################################################
-
+    # Remove authorization from a certain object. Returns true upon success and false upon failure.
+    # Params:
+    # - :user (default: current_user)
+    # - :object
     def self.remove_authorization options = {}
       OptionsChecker.check(options, [ :object ])
 
@@ -133,7 +139,9 @@ module Authorizer
       check_user(user)
       # Checks done. Let's go.
 
-      or_ = find_object_role(object, user)
+      unless user.nil?
+        or_ = find_object_role(object, user)
+      end
 
       unless or_.nil?
         Rails.logger.debug("Authorizer: removed authorization for user ID #{user.id} on #{or_.description}")
@@ -145,10 +153,26 @@ module Authorizer
 
       ret
     end
+    
+    # From the entire collection of Posts in the database, return the number of Posts that belong to the current user.
+    # Returns nil upon failure, returns a positive integer or 0 on success.
+    def self.count(class_name, options = {})
+      ret = nil
+      
+      user = options[:user] || get_current_user
+      find_options = options[:find_options] || {}
+      
+      if !class_name.blank? && !user.blank?
+        begin
+          ret = Authorizer::Base.find(class_name, :all, find_options, { :user => user }).count
+        rescue => e
+          Rails.logger.warn("#{__FILE__}: #{__LINE__}: Failed to count objects for class_name '#{class_name}' for user #{user.inspect}. Error was: #{e}")
+        end
+      end
+      
+      ret
+    end
 
-    ############################################################################
-    # find
-    ############################################################################
     # From the entire collection of Posts, return the subset that belongs to the current user.
     #
     # Arguments:
@@ -156,8 +180,6 @@ module Authorizer
     #  - what: will be passed on to the ActiveRecord find function (e.g. Post.find(what))
     #  - find_options: will also be passed on (e.g. Post.find(what, find_options))
     #  - authorizer_options: options for authorizer, e.g. { :user => @user }
-    ############################################################################
-
     def self.find(class_name, what, find_options = {}, authorizer_options = {})
       options = { :class_name => class_name, :what => what, :find_options => find_options }
       my_options = authorizer_options.merge(options) # options overrides user-specified options.
@@ -165,20 +187,15 @@ module Authorizer
       internal_find(my_options)
     end
 
-    ############################################################################
-    # is_authorized?
-    ############################################################################
-
+    # Return true if a user is authorized to act upon this object. Return false if this is not the case.
+    # Synonym for user_is_authorized
+    # 
+    # This method's only parameter is the object to be checked for authorization so you don't have to type :object => object.
     def self.is_authorized? object
       user_is_authorized? :object => object
     end
 
-    ############################################################################
-    # create_ownership
-    #
-    # ObjectRole.create!( :klazz_name => object.class.to_s, :object_reference => object.id, :user => current_user, :role => "owner" )
-    ############################################################################
-
+    # Shortcut for user_is_authorized. Takes the actual object as a parameter instead of a Hash.
     def self.create_ownership object
       ret = false
 
@@ -233,11 +250,19 @@ module Authorizer
       # Get the real klazz
       klazz = nil
       # Check it
-      begin
-        klazz = eval(class_name)
-      rescue => e
-        # Throw an exception if klazz is nil
-        raise ArgumentError.new("Could not eval class '#{klazz}'. It presumably does not exist. Maybe you mistyped its name? Error was: #{e.inspect}") if klazz.nil?
+      # Ok, Check it ... but ...
+      # If no user is found, let's leave it up to the auth solution to redirect the user to a login page.
+      unless user.nil?
+        begin
+          klazz = eval(class_name)
+        rescue => e
+          # No need to throw this exception here. Just log the error.
+          # It would appear whenever Authorizer was used when a user isn't logged in. 
+          # That just is too much ...
+          s = "Could not eval class '#{class_name}'. It presumably does not exist. Maybe you mistyped its name? Error was: #{e.inspect}"
+          #raise ArgumentError.new(s) if klazz.nil?
+          Rails.logger.warn("#{__FILE__}: #{__LINE__}: " + s)
+        end
       end
       # oooo ooo ooo ___ --- === __- --_- ++_+_ =--- +- =+=-=- =-=    <--- ice beam!
       unless klazz.nil?
@@ -278,6 +303,7 @@ module Authorizer
       ret
     end
 
+    # Find the ObjectRole record that matches object (first argument) and user (second argument).
     def self.find_object_role(object, user)
       return nil if object.nil? || user.nil?
 
@@ -309,19 +335,24 @@ module Authorizer
 
     def self.check_user(user)
       ret = true
-
-      if user.nil?
-        raise Authorizer::RuntimeException.new "User cannot be nil. Maybe you should specify authorizer_options = { :user => user } if you are not calling from a controller?"
-      end
-
-      unless user.is_a?(ActiveRecord::Base)
-        raise Authorizer::RuntimeException.new "User must inherit from ActiveRecord::Base"
-
-      end
-
-      if user.new_record?
-        raise Authorizer::RuntimeException.new "User must be saved"
-      end
+      
+      # YES YES I know it's a good habit to check for current_user, but I've decided not to raise anything 
+      # and make this method basically void.
+      # Why?
+      # Let the auth mechanism redirect the user if no user is present.
+      # I think that's the proper way to do things.
+
+      #      if user.nil?
+      #        raise Authorizer::RuntimeException.new "User cannot be nil. Maybe you should specify authorizer_options = { :user => user } if you are not calling from a controller?"
+      #      end
+      #
+      #      unless user.is_a?(ActiveRecord::Base)
+      #        raise Authorizer::RuntimeException.new "User must inherit from ActiveRecord::Base"
+      #      end
+      #
+      #      if user.new_record?
+      #        raise Authorizer::RuntimeException.new "User must be saved"
+      #      end
 
       ret
     end

data/lib/authorizer/object_observer.rb

@@ -17,5 +17,29 @@ module Authorizer
         object_role.destroy
       end
     end
+    
+    # This is a Rails only feature:
+    # Single Table Inheritance (STI) is implemented using the Type column.
+    # The 'type' column contains the name of the subclass of the table the record is in.
+    # For example, Dog is a subclass of Animal.
+    # If we have a Dog object here that changes its 'type' to Animal, the ObjectRole must be updated to reflect the new class name.
+    def after_update(object)
+      type = object.try(:read_attribute, :type)
+      # Big chance the object doesn't even have the 'type' attribute. In that case, do nothing.
+      unless type.blank?
+        object_class_name = object.class.to_s
+        # This is how we gonna detect that the type has changed:
+        # object_class_name should be different than type.
+        unless type.eql?(object_class_name)
+          object_roles = ObjectRole.find_all_by_object(object)
+          # Walk through the object roles associated with this object
+          for object_role in object_roles
+            # update it!
+            # it should reflect the new type.
+            object_role.update_attributes!( :klazz_name => type )
+          end
+        end
+      end
+    end
   end
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: authorizer
 version: !ruby/object:Gem::Version 
-  hash: 27
-  prerelease: false
+  hash: 25
+  prerelease: 
   segments: 
   - 0
   - 0
-  - 2
-  version: 0.0.2
+  - 3
+  version: 0.0.3
 platform: ruby
 authors: 
 - CmdJohnson
@@ -15,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-08-22 00:00:00 +02:00
-default_executable: 
+date: 2011-09-27 00:00:00 Z
 dependencies: 
 - !ruby/object:Gem::Dependency 
   name: options_checker
@@ -40,14 +39,13 @@ dependencies:
   requirement: &id002 !ruby/object:Gem::Requirement 
     none: false
     requirements: 
-    - - ">="
+    - - ~>
       - !ruby/object:Gem::Version 
-        hash: 47
+        hash: 27
         segments: 
         - 2
-        - 8
-        - 0
-        version: 2.8.0
+        - 12
+        version: "2.12"
   type: :development
   version_requirements: *id002
 description: |-
@@ -110,7 +108,6 @@ files:
 - lib/authorizer/user_observer.rb
 - app/models/object_role.rb
 - rails/init.rb
-has_rdoc: true
 homepage: https://github.com/cmdjohnson/authorizer
 licenses: []
 
@@ -141,7 +138,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project: authorizer
-rubygems_version: 1.3.7
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Authorizer is a gem for Ruby (in conjunction with Rails 2.3) that does authorization for you on a per-object basis