be9-acl9 0.10.0 → 0.11.0
- data/CHANGELOG.textile +8 -0
- data/README.textile +12 -3
- data/Rakefile +10 -0
- data/VERSION.yml +1 -1
- data/lib/acl9/config.rb +1 -0
- data/lib/acl9/controller_extensions.rb +22 -1
- data/lib/acl9/controller_extensions/dsl_base.rb +8 -4
- data/lib/acl9/controller_extensions/generators.rb +52 -10
- data/lib/acl9/helpers.rb +2 -2
- data/lib/acl9/model_extensions.rb +82 -8
- data/lib/acl9/model_extensions/object.rb +32 -0
- data/lib/acl9/model_extensions/subject.rb +85 -17
- data/test/access_control_test.rb +144 -15
- data/test/dsl_base_test.rb +64 -62
- data/test/roles_test.rb +67 -22
- data/test/support/controllers.rb +57 -3
- data/test/support/models.rb +20 -0
- data/test/support/schema.rb +22 -0
- data/test/test_helper.rb +4 -0
- metadata +9 -8
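--- a/data/test/roles_test.rb
+++ b/data/test/roles_test.rb
@@ -23,7 +23,7 @@ class RolesTest < Test::Unit::TestCase
 end
 
 it "#has_role! without object (global role)" do
-lambda do
+lambda do
 @user.has_role!('admin')
 end.should change { Role.count }.from(0).to(1)
 
@@ -51,12 +51,12 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?('manager', @foo).should be_true
 @user.has_roles_for?(@foo).should be_true
 @user.has_role_for?(@foo).should be_true
-
+
 roles = @user.roles_for(@foo)
 roles.should == @foo.accepted_roles_by(@user)
 roles.size.should == 1
 roles.first.name.should == "manager"
-
+
 @user.has_role?('manager', @bar).should be_false
 @user2.has_role?('manager', @foo).should be_false
 
@@ -65,9 +65,9 @@ class RolesTest < Test::Unit::TestCase
 @foo.accepts_roles_by?(@user).should be_true
 end
 
-it "
+it "should count object role also as global role" do
 @user.has_role!('manager', @foo)
-
+
 @user.has_role?('manager').should be_true
 end
 
@@ -76,17 +76,34 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?('manager', Foo).should be_false
 end
 
+context "protect_global_roles is true" do
+before do
+@saved_option = Acl9.config[:protect_global_roles]
+Acl9.config[:protect_global_roles] = true
+end
+
+it "should not count object role also as global role" do
+@user.has_role!('manager', @foo)
+
+@user.has_role?('manager').should be_false
+end
+
+after do
+Acl9.config[:protect_global_roles] = @saved_option
+end
+end
+
 it "#has_role! with class" do
 @user.has_role!('user', Bar)
 
 @user.has_role?('user', Bar).should be_true
 @user.has_roles_for?(Bar).should be_true
 @user.has_role_for?(Bar).should be_true
-
+
 roles = @user.roles_for(Bar)
 roles.size.should == 1
 roles.first.name.should == "user"
-
+
 @user.has_role?('user', Foo).should be_false
 @user2.has_role?('user', Bar).should be_false
 end
@@ -100,7 +117,7 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role!('manager', @foo)
 @user.has_role!('user', @foo)
 @user.has_role!('admin', @foo)
-
+
 @user.has_role!('owner', @bar)
 
 @user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
@@ -111,7 +128,7 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role!('owner', @bar)
 @user2.has_role!('owner', @bar)
 
-@user.
+@user.role_objects.should == @user2.role_objects
 end
 
 it "#has_no_role! should unassign a global role from user" do
@@ -119,17 +136,17 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_role!('3133t')
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('3133t').should be_false
 end
-
+
 it "#has_no_role! should unassign an object role from user" do
 set_some_roles
 
 lambda do
 @user.has_no_role!('manager', @foo)
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('manager', @foo).should be_false
 @user.has_role?('user', @foo).should be_true # another role on the same object
@@ -140,7 +157,7 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_role!('admin', Foo)
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-1)
 
 @user.has_role?('admin', Foo).should be_false
 @user.has_role?('admin').should be_true # global role
@@ -151,7 +168,7 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_roles_for!
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-4)
 
 @user.has_role?('admin').should be_false
 @user.has_role?('3133t').should be_false
@@ -164,18 +181,18 @@ class RolesTest < Test::Unit::TestCase
 
 lambda do
 @user.has_no_roles_for! @foo
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-2)
 
 @user.has_role?('user', @foo).should be_false
 @user.has_role?('manager', @foo).should be_false
 end
-
+
 it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
 set_some_roles
 
 lambda do
 @user.has_no_roles_for! Foo
-end.should change { @user.
+end.should change { @user.role_objects.count }.by(-4)
 
 @user.has_role?('admin', Foo).should be_false
 @user.has_role?('manager', Foo).should be_false
@@ -187,7 +204,7 @@ class RolesTest < Test::Unit::TestCase
 set_some_roles
 
 @user.has_no_roles!
-@user.
+@user.role_objects.count.should == 0
 end
 
 it "should delete unused roles from table" do
@@ -200,7 +217,7 @@ class RolesTest < Test::Unit::TestCase
 Role.count.should == 1
 
 @bar.accepts_no_role!('owner', @user)
-
+
 Role.count.should == 0
 end
 
@@ -218,8 +235,6 @@ class RolesTest < Test::Unit::TestCase
 @user.has_role?(:_3133t).should be_true
 @user.has_role?(:admin, Foo).should be_true
 @user.has_role?(:manager, @foo).should be_true
-
-
 end
 
 private
@@ -247,7 +262,7 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
 end
 
 it "should basically work" do
-lambda do
+lambda do
 @subj.has_role!('admin')
 @subj.has_role!('user', @foobar)
 end.should change { AnotherRole.count }.from(0).to(2)
@@ -263,3 +278,33 @@ class RolesWithCustomClassNamesTest < Test::Unit::TestCase
 end
 end
 
+class UsersRolesAndSubjectsWithNamespacedClassNamesTest < Test::Unit::TestCase
+before do
+Other::Role.destroy_all
+[Other::User, Other::FooBar].each { |model| model.delete_all }
+
+@user = Other::User.create!
+@user2 = Other::User.create!
+@foobar = Other::FooBar.create!
+
+end
+
+it "should basically work" do
+lambda do
+@user.has_role!('admin')
+@user.has_role!('user', @foobar)
+end.should change { Other::Role.count }.from(0).to(2)
+
+@user.has_role?('admin').should be_true
+@user2.has_role?('admin').should be_false
+
+@user.has_role?(:user, @foobar).should be_true
+@user2.has_role?(:user, @foobar).should be_false
+
+@foobar.accepted_roles.count.should == 1
+
+@user.has_no_roles!
+@user2.has_no_roles!
+end
+end
+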
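Review bot: The new `protect_global_roles is true` context pins only one negative case, an object role on `@foo` no longer counting as a global role; it never asserts that a role granted without an object is still recognised while the option is on, nor what a class-scoped grant such as `has_role!('manager', Foo)` does to `has_role?('manager')`. Because this option decides whether a scoped grant widens into a global one, both sides of the boundary are worth a test, for example `@user.has_role!('admin')` followed by `@user.has_role?('admin').should be_true` inside the same context. The earlier example `should count object role also as global role` presumably documents the behaviour with the option off; a comment there such as `# default: protect_global_roles is off, so an object role also answers the global query` would make that explicit. The `before`/`after` pair that saves and restores `Acl9.config[:protect_global_roles]` is the right shape for a process-wide setting.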
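--- a/data/test/support/controllers.rb
+++ b/data/test/support/controllers.rb
@@ -55,7 +55,7 @@ class ACLArguments < EmptyController
 access_control :except => [:index, :show] do
 allow :admin, :if => :true_meth, :unless => :false_meth
 end
-
+
 include TrueFalse
 end
 
@@ -129,12 +129,33 @@ class ACLObjectsHash < ApplicationController
 @foo = nil
 render :text => (allowed?(:foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
 end
-
+
+def current_user
+params[:user]
+end
+end
+
+class ACLActionOverride < ApplicationController
+access_control :allowed?, :filter => false do
+allow all, :to => :index
+deny all, :to => :show
+allow :owner, :of => :foo, :to => :edit
+end
+
+def check_allow
+render :text => (allowed?(params[:_action]) ? 'OK' : 'AccessDenied')
+end
+
+def check_allow_with_foo
+render :text => (allowed?(params[:_action], :foo => MyDearFoo.instance) ? 'OK' : 'AccessDenied')
+end
+
 def current_user
 params[:user]
 end
 end
 
+
 class ACLHelperMethod < ApplicationController
 access_control :helper => :foo? do
 allow :owner, :of => :foo
@@ -145,9 +166,42 @@ class ACLHelperMethod < ApplicationController
 
 render :inline => "<%= foo? ? 'OK' : 'AccessDenied' %>"
 end
-
+
 def current_user
 params[:user]
 end
 end
 
+class ACLQueryMethod < ApplicationController
+attr_accessor :current_user
+
+access_control :acl, :query_method => true do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+end
+
+class ACLQueryMethodWithLambda < ApplicationController
+attr_accessor :current_user
+
+access_control :query_method => :acl? do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+end
+
+class ACLNamedQueryMethod < ApplicationController
+attr_accessor :current_user
+
+access_control :acl, :query_method => 'allow_ay' do
+allow :editor, :to => [:edit, :update, :destroy]
+allow :viewer, :to => [:index, :show]
+allow :owner, :of => :foo, :to => :fooize
+end
+
+def acl?(*args)
+allow_ay(*args)
+end
+end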
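Review bot: `check_allow` and `check_allow_with_foo` in the new `ACLActionOverride` class pass `params[:_action]` straight into `allowed?`, and `current_user` is read from `params[:user]`, so both the identity and the action whose rule gets evaluated come from the request. That is a convenient way to drive the tests, but nothing in the file marks it as fixture-only, and the same shape in an application would let the authorization answer be computed for a different action than the one being executed. A comment above the class would cover it, e.g. `# Test fixture only: user and action name are taken from request params to drive the ACL under test.` The three query-method controllers added at the end of the file would also read better with one line each naming the option form they exercise (`:query_method => true`, a symbol, a string).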
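--- a/data/test/support/models.rb
+++ b/data/test/support/models.rb
@@ -25,3 +25,23 @@ end
 class FooBar < ActiveRecord::Base
 acts_as_authorization_object :role_class_name => 'AnotherRole', :subject_class_name => "AnotherSubject"
 end
+
+
+module Other
+
+class Other::User < ActiveRecord::Base
+set_table_name "other_users"
+acts_as_authorization_subject :join_table_name => "other_roles_other_users", :role_class_name => "Other::Role"
+end
+
+class Other::Role < ActiveRecord::Base
+set_table_name "other_roles"
+acts_as_authorization_role :join_table_name => "other_roles_other_users", :subject_class_name => "Other::User"
+end
+
+class Other::FooBar < ActiveRecord::Base
+set_table_name "other_foo_bars"
+acts_as_authorization_object :role_class_name => 'Other::Role', :subject_class_name => "Other::User"
+end
+
+end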
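Review bot: Inside `module Other` the three classes are declared in the fully qualified form `class Other::User`, `class Other::Role` and `class Other::FooBar`; this resolves to the same constants, but it reads as if a second `Other` level were intended. With the wrapper kept, the short form is enough: `class User < ActiveRecord::Base`, `class Role < ActiveRecord::Base`, `class FooBar < ActiveRecord::Base`. The string options (`:role_class_name => "Other::Role"`, `:subject_class_name => "Other::User"`) should stay qualified, since they appear to be the namespaced lookups this fixture exists to exercise.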
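--- a/data/test/support/schema.rb
+++ b/data/test/support/schema.rb
@@ -44,4 +44,26 @@ ActiveRecord::Schema.define(:version => 0) do
 t.datetime "created_at"
 t.datetime "updated_at"
 end
+
+# namespaced
+
+create_table "other_roles", :force => true do |t|
+t.string "name", :limit => 40
+t.string "authorizable_type", :limit => 40
+t.integer "authorizable_id"
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+create_table "other_users", :force => true do |t| end
+create_table "other_roles_other_users", :id => false, :force => true do |t|
+t.integer "user_id"
+t.integer "role_id"
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+create_table "other_foo_bars", :force => true do |t|
+t.datetime "created_at"
+t.datetime "updated_at"
+end
+
 end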
data/test/test_helper.rb
CHANGED
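--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: be9-acl9
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.11.0
 platform: ruby
 authors:
 - oleg dashevskii
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-
+date: 2009-09-16 00:00:00 -07:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -64,8 +64,9 @@ files:
 - test/support/models.rb
 - test/support/schema.rb
 - test/test_helper.rb
-has_rdoc:
+has_rdoc: false
 homepage: http://github.com/be9/acl9
+licenses:
 post_install_message:
 rdoc_options:
 - --charset=UTF-8
@@ -86,16 +87,16 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 requirements: []
 
 rubyforge_project:
-rubygems_version: 1.
+rubygems_version: 1.3.5
 signing_key:
 specification_version: 3
 summary: Yet another role-based authorization system for Rails
 test_files:
-- test/
+- test/dsl_base_test.rb
+- test/test_helper.rb
+- test/access_control_test.rb
 - test/support/schema.rb
 - test/support/models.rb
 - test/support/controllers.rb
-- test/
-- test/access_control_test.rb
-- test/test_helper.rb
+- test/helpers_test.rb
 - test/roles_test.rb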