be9-acl9 0.10.0 → 0.11.0
- data/CHANGELOG.textile +8 -0
- data/README.textile +12 -3
- data/Rakefile +10 -0
- data/VERSION.yml +1 -1
- data/lib/acl9/config.rb +1 -0
- data/lib/acl9/controller_extensions.rb +22 -1
- data/lib/acl9/controller_extensions/dsl_base.rb +8 -4
- data/lib/acl9/controller_extensions/generators.rb +52 -10
- data/lib/acl9/helpers.rb +2 -2
- data/lib/acl9/model_extensions.rb +82 -8
- data/lib/acl9/model_extensions/object.rb +32 -0
- data/lib/acl9/model_extensions/subject.rb +85 -17
- data/test/access_control_test.rb +144 -15
- data/test/dsl_base_test.rb +64 -62
- data/test/roles_test.rb +67 -22
- data/test/support/controllers.rb +57 -3
- data/test/support/models.rb +20 -0
- data/test/support/schema.rb +22 -0
- data/test/test_helper.rb +4 -0
- metadata +9 -8
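--- a/data/test/roles_test.rb
+++ b/data/test/roles_test.rb
@@ -23,7 +23,7 @@ class RolesTest < Test::Unit::TestCase
 end
 
 it "#has_role! without object (global role)" do
-lambda do
+lambda do
 @user.has_role!('admin')
 end.should change { Role.count }.from(0).to(1)
 
@@ -51,12 +51,12 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?('manager', @foo).should be_true
 @user.has_roles_for?(@foo).should be_true
 @user.has_role_for?(@foo).should be_true
-
+
 roles = @user.roles_for(@foo)
 roles.should == @foo.accepted_roles_by(@user)
 roles.size.should == 1
 roles.first.name.should == "manager"
-
+
 @user.has_role?('manager', @bar).should be_false
 @user2.has_role?('manager', @foo).should be_false
 
@@ -65,9 +65,9 @@ class RolesTest < Test::Unit::TestCase
 @foo.accepts_roles_by?(@user).should be_true
 end
 
-it "
+it "should count object role also as global role" do
 @user.has_role!('manager', @foo)
-
+
 @user.has_role?('manager').should be_true
 end
 
@@ -76,17 +76,34 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?('manager', Foo).should be_false
 end
 
+context "protect_global_roles is true" do
+before do
+@saved_option = Acl9.config[:protect_global_roles]
+Acl9.config[:protect_global_roles] = true
+end
+
+it "should not count object role also as global role" do
+@user.has_role!('manager', @foo)
+
+@user.has_role?('manager').should be_false
+end
+
+after do
+Acl9.config[:protect_global_roles] = @saved_option
+end
+end
+
 it "#has_role! with class" do
 @user.has_role!('user', Bar)
 
 @user.has_role?('user', Bar).should be_true
 @user.has_roles_for?(Bar).should be_true
 @user.has_role_for?(Bar).should be_true
-
+
 roles = @user.roles_for(Bar)
 roles.size.should == 1
 roles.first.name.should == "user"
-
+
 @user.has_role?('user', Foo).should be_false
 @user2.has_role?('user', Bar).should be_false
 end
@@ -100,7 +117,7 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role!('manager', @foo)
 @user.has_role!('user', @foo)
 @user.has_role!('admin', @foo)
-
+
 @user.has_role!('owner', @bar)
 
 @user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
@@ -111,7 +128,7 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role!('owner', @bar)
 @user2.has_role!('owner', @bar)
 
-@user.
+@user.role_objects.should == @user2.role_objects
 end
 
 it "#has_no_role! should unassign a global role from user" do
@@ -119,17 +136,17 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_role!('3133t')
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('3133t').should be_false
 end
-
+
 it "#has_no_role! should unassign an object role from user" do
 set_some_roles
 
 lambda do
 @user.has_no_role!('manager', @foo)
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('manager', @foo).should be_false
 @user.has_role?('user', @foo).should be_true # another role on the same object
@@ -140,7 +157,7 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_role!('admin', Foo)
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('admin', Foo).should be_false
 @user.has_role?('admin').should be_true # global role
@@ -151,7 +168,7 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_roles_for!
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-4)
 
 @user.has_role?('admin').should be_false
 @user.has_role?('3133t').should be_false
@@ -164,18 +181,18 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_roles_for! @foo
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-2)
 
 @user.has_role?('user', @foo).should be_false
 @user.has_role?('manager', @foo).should be_false
 end
-
+
 it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
 set_some_roles
 
 lambda do
 @user.has_no_roles_for! Foo
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-4)
 
 @user.has_role?('admin', Foo).should be_false
 @user.has_role?('manager', Foo).should be_false
@@ -187,7 +204,7 @@ class RolesTest < Test::Unit::TestCase
 set_some_roles
 
 @user.has_no_roles!
-@user.
+@user.role_objects.count.should == 0
 end
 
 it "should delete unused roles from table" do
@@ -200,7 +217,7 @@ class RolesTest < Test::Unit::TestCase
 Role.count.should == 1
 
 @bar.accepts_no_role!('owner', @user)
-
+
 Role.count.should == 0
 end
 
@@ -218,8 +235,6 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?(:_3133t).should be_true
 @user.has_role?(:admin, Foo).should be_true
 @user.has_role?(:manager, @foo).should be_true
-
-
 end
 
 private
@@ -247,7 +262,7 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
 end
 
 it "should basically work" do
-lambda do
+lambda do
 @subj.has_role!('admin')
 @subj.has_role!('user', @foobar)
 end.should change { AnotherRole.count }.from(0).to(2)
@@ -263,3 +278,33 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
 end
 end
 
+class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
+before do
+Other::Role.destroy_all
+[Other::User, Other::FooBar].each { |model| model.delete_all }
+
+@user = Other::User.create!
+@user2 = Other::User.create!
+@foobar = Other::FooBar.create!
+
+end
+
+it "should basically work" do
+lambda do
+@user.has_role!('admin')
+@user.has_role!('user', @foobar)
+end.should change { Other::Role.count }.from(0).to(2)
+
+@user.has_role?('admin').should be_true
+@user2.has_role?('admin').should be_false
+
+@user.has_role?(:user, @foobar).should be_true
+@user2.has_role?(:user, @foobar).should be_false
+
+@foobar.accepted_roles.count.should == 1
+
+@user.has_no_roles!
+@user2.has_no_roles!
+end
+end
+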
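Review bot: The new `protect_global_roles is true` context asserts only the negative case, so it would still pass if enabling the option made every global role check return false. In the `should not count object role also as global role` example I would add `@user.has_role?('manager', @foo).should be_true` after the existing assertion. A second example should grant `@user.has_role!('manager')` and expect `@user.has_role?('manager').should be_true`. The default pinned just above (an object-scoped role also satisfies a global check) is the permissive one, so this option is what an application would rely on to keep object-level grants from widening, and both directions deserve a test. The `RolesTest` class body starts and ends outside these hunks.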
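--- a/data/test/support/controllers.rb
+++ b/data/test/support/controllers.rb
@@ -55,7 +55,7 @@ class ACLArguments < EmptyController
 access_control :except => [:index, :show] do
 allow :admin, :if => :true_meth, :unless => :false_meth
 end
-
+
 include TrueFalse
 end
 
@@ -129,12 +129,33 @@ class ACLObjectsHash < ApplicationController
 @foo = nil
 render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
 end
-
+
+def current_user
+params[:user]
+end
+end
+
+class ACLActionOverride < ApplicationController
+access_control :allowed?, :filter => false do
+allow all, :to => :index
+deny all, :to => :show
+allow :owner, :of => :foo, :to => :edit
+end
+
+def check_allow
+render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
+end
+
+def check_allow_with_foo
+render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
+end
+
 def current_user
 params[:user]
 end
 end
 
+
 class ACLHelperMethod < ApplicationController
 access_control :helper => :foo? do
 allow :owner, :of => :foo
@@ -145,9 +166,42 @@ class ACLHelperMethod < ApplicationController
 
 render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
 end
-
+
 def current_user
 params[:user]
 end
 end
 
+class ACLQueryMethod < ApplicationController
+attr_accessor :current_user
+
+access_control :acl, :query_method => true do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+end
+
+class ACLQueryMethodWithLambda < ApplicationController
+attr_accessor :current_user
+
+access_control :query_method => :acl? do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+end
+
+class ACLNamedQueryMethod < ApplicationController
+attr_accessor :current_user
+
+access_control :acl, :query_method => 'allow_ay' do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+
+def acl?(*args)
+allow_ay(*args)
+end
+end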
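Review bot: `ACLActionOverride` declares its rules with `:filter => false`, so, judging by the option name, nothing enforces `deny all, :to => :show` on an incoming request. The rules apply only where `allowed?` is called, and `check_allow` and `check_allow_with_foo` pass it the client-supplied `params[:_action]`. That is reasonable for a test fixture, but a comment above the class would keep it from being copied as a pattern, e.g. `# Test fixture: rules are only queried through allowed?(action), never installed as a filter; the action name comes from the request so tests can probe each rule.` `ACLQueryMethodWithLambda` contains no lambda in its visible body, so a one-line comment on what the name refers to would help as well.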
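--- a/data/test/support/models.rb
+++ b/data/test/support/models.rb
@@ -25,3 +25,23 @@ end
 class FooBar < ActiveRecord::Base
 acts_as_authorization_object :role_class_name => 'AnotherRole', :subject_class_name => "AnotherSubject"
 end
+
+
+module Other
+
+class Other::User < ActiveRecord::Base
+set_table_name "other_users"
+acts_as_authorization_subject :join_table_name => "other_roles_other_users", :role_class_name => "Other::Role"
+end
+
+class Other::Role < ActiveRecord::Base
+set_table_name "other_roles"
+acts_as_authorization_role :join_table_name => "other_roles_other_users", :subject_class_name => "Other::User"
+end
+
+class Other::FooBar < ActiveRecord::Base
+set_table_name "other_foo_bars"
+acts_as_authorization_object :role_class_name => 'Other::Role', :subject_class_name => "Other::User"
+end
+
+end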
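Review bot: The three classes inside `module Other` are declared with their fully qualified names (`class Other::User < ActiveRecord::Base`), which is redundant inside the module and reads as if `Other::Other::User` were intended. Writing `class User < ActiveRecord::Base` (and likewise `Role` and `FooBar`) defines the same constants and makes the nesting obvious. The string options such as `:role_class_name => "Other::Role"` should stay fully qualified, since they are presumably resolved by name outside this lexical scope. The quoting of those strings also mixes `'Other::Role'` and `"Other::Role"` within the block; one style would read more cleanly.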
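--- a/data/test/support/schema.rb
+++ b/data/test/support/schema.rb
@@ -44,4 +44,26 @@ ActiveRecord::Schema.define(:version => 0) do
 t.datetime "created_at"
 t.datetime "updated_at"
 end
+
+# namespaced
+
+create_table "other_roles", :force => true do |t|
+t.string "name", :limit => 40
+t.string "authorizable_type", :limit => 40
+t.integer "authorizable_id"
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+create_table "other_users", :force => true do |t| end
+create_table "other_roles_other_users", :id => false, :force => true do |t|
+t.integer "user_id"
+t.integer "role_id"
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+create_table "other_foo_bars", :force => true do |t|
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+
 end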
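Review bot: `authorizable_type` in the new `other_roles` table is limited to 40 characters, yet this block exists to exercise namespaced models, whose class names run longer. If that column stores the full class name (not visible in this hunk), a long namespaced name could be truncated or rejected depending on the database, and role lookups by type would then miss. Consider a wider limit, or at least a comment such as `# authorizable_type holds the class name, e.g. "Other::FooBar"; keep the limit above the longest name`. The enclosing `ActiveRecord::Schema.define` block starts outside the hunk.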
data/test/test_helper.rb
CHANGED
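--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: be9-acl9
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.11.0
 platform: ruby
 authors:
 - oleg dashevskii
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-09-16 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -64,8 +64,9 @@ files:
 - test/support/models.rb
 - test/support/schema.rb
 - test/test_helper.rb
-has_rdoc:
+has_rdoc: false
 homepage: http://github.com/be9/acl9
+licenses:
 post_install_message:
 rdoc_options:
 - --charset=UTF-8
@@ -86,16 +87,16 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
 summary: Yet another role-based authorization system for Rails
 test_files:
-- test/
+- test/dsl_base_test.rb
+- test/test_helper.rb
+- test/access_control_test.rb
 - test/support/schema.rb
 - test/support/models.rb
 - test/support/controllers.rb
-- test/
-- test/access_control_test.rb
-- test/test_helper.rb
+- test/helpers_test.rb
 - test/roles_test.rb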