be9-acl9 0.9.1
- data/MIT-LICENSE +20 -0
- data/Manifest +19 -0
- data/README.textile +765 -0
- data/Rakefile +37 -0
- data/acl9.gemspec +37 -0
- data/init.rb +1 -0
- data/lib/acl9.rb +14 -0
- data/lib/acl9/config.rb +9 -0
- data/lib/acl9/controller_extensions.rb +37 -0
- data/lib/acl9/controller_extensions/filter_producer.rb +244 -0
- data/lib/acl9/model_extensions.rb +58 -0
- data/lib/acl9/model_extensions/object.rb +27 -0
- data/lib/acl9/model_extensions/subject.rb +107 -0
- data/lib/acl9/version.rb +54 -0
- data/spec/access_control_spec.rb +185 -0
- data/spec/db/schema.rb +47 -0
- data/spec/filter_producer_spec.rb +707 -0
- data/spec/models.rb +27 -0
- data/spec/roles_spec.rb +259 -0
- data/spec/spec_helper.rb +34 -0
- metadata +102 -0
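--- a/data/spec/models.rb
+++ b/data/spec/models.rb
@@ -0,0 +1,27 @@
+class Role < ActiveRecord::Base
+acts_as_authorization_role
+end
+
+class User < ActiveRecord::Base
+acts_as_authorization_subject
+end
+
+class Foo < ActiveRecord::Base
+acts_as_authorization_object
+end
+
+class Bar < ActiveRecord::Base
+acts_as_authorization_object
+end
+
+class AnotherSubject < ActiveRecord::Base
+acts_as_authorization_subject :role_class_name => 'AnotherRole'
+end
+
+class AnotherRole < ActiveRecord::Base
+acts_as_authorization_role :subject_class_name => "AnotherSubject"
+end
+
+class FooBar < ActiveRecord::Base
+acts_as_authorization_object :role_class_name => 'AnotherRole', :subject_class_name => "AnotherSubject"
+end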
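--- a/data/spec/roles_spec.rb
+++ b/data/spec/roles_spec.rb
@@ -0,0 +1,259 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+require File.join(File.dirname(__FILE__), 'models')
+
+#Logger = ActiveRecord::Base.logger
+
+describe "Roles" do
+before do
+Role.destroy_all
+[User, Foo, Bar].each { |model| model.delete_all }
+
+@user = User.create!
+@user2 = User.create!
+@foo = Foo.create!
+@bar = Bar.create!
+end
+
+it "should not have any roles by default" do
+%w(user manager admin owner).each do |role|
+@user.has_role?(role).should be_false
+end
+end
+
+it "#has_role! without object (global role)" do
+lambda do
+@user.has_role!('admin')
+end.should change(Role, :count).from(0).to(1)
+
+@user.has_role?('admin').should be_true
+@user2.has_role?('admin').should be_false
+end
+
+it "should not count global role as object role" do
+@user.has_role!('admin')
+
+[@foo, @bar, Foo, Bar, @user].each do |obj|
+@user.has_role?('admin', obj).should be_false
+@user.has_roles_for?(obj).should be_false
+@user.roles_for(obj).should == []
+end
+
+[@foo, @bar].each do |obj|
+obj.accepts_role?('admin', @user).should be_false
+end
+end
+
+it "#has_role! with object (object role)" do
+@user.has_role!('manager', @foo)
+
+@user.has_role?('manager', @foo).should be_true
+@user.has_roles_for?(@foo).should be_true
+@user.has_role_for?(@foo).should be_true
+
+roles = @user.roles_for(@foo)
+roles.should == @foo.accepted_roles_by(@user)
+roles.size.should == 1
+roles.first.name.should == "manager"
+
+@user.has_role?('manager', @bar).should be_false
+@user2.has_role?('manager', @foo).should be_false
+
+@foo.accepts_role?('manager', @user).should be_true
+@foo.accepts_role_by?(@user).should be_true
+@foo.accepts_roles_by?(@user).should be_true
+end
+
+it "shoud count object role also as global role" do
+@user.has_role!('manager', @foo)
+
+@user.has_role?('manager').should be_true
+end
+
+it "should not count object role as object class role" do
+@user.has_role!('manager', @foo)
+@user.has_role?('manager', Foo).should be_false
+end
+
+it "#has_role! with class" do
+@user.has_role!('user', Bar)
+
+@user.has_role?('user', Bar).should be_true
+@user.has_roles_for?(Bar).should be_true
+@user.has_role_for?(Bar).should be_true
+
+roles = @user.roles_for(Bar)
+roles.size.should == 1
+roles.first.name.should == "user"
+
+@user.has_role?('user', Foo).should be_false
+@user2.has_role?('user', Bar).should be_false
+end
+
+it "should not count class role as object role" do
+@user.has_role!('manager', Foo)
+@user.has_role?('manager', @foo).should be_false
+end
+
+it "should be able to have several roles on the same object" do
+@user.has_role!('manager', @foo)
+@user.has_role!('user', @foo)
+@user.has_role!('admin', @foo)
+
+@user.has_role!('owner', @bar)
+
+@user.roles_for(@foo) .map(&:name).sort.should == %w(admin manager user)
+@foo.accepted_roles_by(@user).map(&:name).sort.should == %w(admin manager user)
+end
+
+it "should reuse existing roles" do
+@user.has_role!('owner', @bar)
+@user2.has_role!('owner', @bar)
+
+@user.roles.should == @user2.roles
+end
+
+it "#has_no_role! should unassign a global role from user" do
+set_some_roles
+
+lambda do
+@user.has_no_role!('3133t')
+end.should change(@user.roles, :count).by(-1)
+
+@user.has_role?('3133t').should be_false
+end
+
+it "#has_no_role! should unassign an object role from user" do
+set_some_roles
+
+lambda do
+@user.has_no_role!('manager', @foo)
+end.should change(@user.roles, :count).by(-1)
+
+@user.has_role?('manager', @foo).should be_false
+@user.has_role?('user', @foo).should be_true # another role on the same object
+end
+
+it "#has_no_role! should unassign a class role from user" do
+set_some_roles
+
+lambda do
+@user.has_no_role!('admin', Foo)
+end.should change(@user.roles, :count).by(-1)
+
+@user.has_role?('admin', Foo).should be_false
+@user.has_role?('admin').should be_true # global role
+end
+
+it "#has_no_roles_for! should unassign global and class roles with nil object" do
+set_some_roles
+
+lambda do
+@user.has_no_roles_for!
+end.should change(@user.roles, :count).by(-4)
+
+@user.has_role?('admin').should be_false
+@user.has_role?('3133t').should be_false
+@user.has_role?('admin', Foo).should be_false
+@user.has_role?('manager', Foo).should be_false
+end
+
+it "#has_no_roles_for! should unassign object roles" do
+set_some_roles
+
+lambda do
+@user.has_no_roles_for! @foo
+end.should change(@user.roles, :count).by(-2)
+
+@user.has_role?('user', @foo).should be_false
+@user.has_role?('manager', @foo).should be_false
+end
+
+it "#has_no_roles_for! should unassign both class roles and object roles for objects of that class" do
+set_some_roles
+
+lambda do
+@user.has_no_roles_for! Foo
+end.should change(@user.roles, :count).by(-4)
+
+@user.has_role?('admin', Foo).should be_false
+@user.has_role?('manager', Foo).should be_false
+@user.has_role?('user', @foo).should be_false
+@user.has_role?('manager', @foo).should be_false
+end
+
+it "#has_no_roles! should unassign all roles" do
+set_some_roles
+
+@user.has_no_roles!
+@user.roles.count.should == 0
+end
+
+it "should delete unused roles from table" do
+@user.has_role!('owner', @bar)
+@user2.has_role!('owner', @bar)
+
+Role.count.should == 1
+
+@bar.accepts_no_role!('owner', @user2)
+Role.count.should == 1
+
+@bar.accepts_no_role!('owner', @user)
+
+Role.count.should == 0
+end
+
+it "should accept :symbols as role names" do
+@user.has_role! :admin
+@user.has_role! :_3133t
+
+@user.has_role! :admin, Foo
+@user.has_role! :manager, Foo
+@user.has_role! :user, @foo
+@foo.accepts_role! :manager, @user
+@bar.accepts_role! :owner, @user
+
+@user.has_role?(:admin).should be_true
+@user.has_role?(:_3133t).should be_true
+@user.has_role?(:admin, Foo).should be_true
+@user.has_role?(:manager, @foo).should be_true
+
+
+end
+
+private
+
+def set_some_roles
+@user.has_role!('admin')
+@user.has_role!('3133t')
+
+@user.has_role!('admin', Foo)
+@user.has_role!('manager', Foo)
+@user.has_role!('user', @foo)
+@foo.accepts_role!('manager', @user)
+@bar.accepts_role!('owner', @user)
+end
+end
+
+describe "Roles with custom class names" do
+before do
+AnotherRole.destroy_all
+[AnotherSubject, FooBar].each { |model| model.delete_all }
+
+@subj = AnotherSubject.create!
+@subj2 = AnotherSubject.create!
+@foobar = FooBar.create!
+end
+
+it "should basically work" do
+lambda do
+@subj.has_role!('admin')
+@subj.has_role!('user', @foobar)
+end.should change(AnotherRole, :count).from(0).to(2)
+
+@subj.has_role?('admin').should be_true
+@subj2.has_role?('admin').should be_false
+
+@subj.has_role?(:user, @foobar).should be_true
+@subj2.has_role?(:user, @foobar).should be_false
+end
+end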
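Review bot: The example on new lines 66–70 pins a behaviour that widens authorization: after `@user.has_role!('manager', @foo)`, the object-less check `@user.has_role?('manager')` returns true, so a role granted on one record also satisfies an unscoped check. A caller that treats `has_role?('admin')` with no object as a site-wide gate would then pass a user who is only admin of a single `Foo`. The opposite direction is already fenced off by the examples on new lines 32–44, so the asymmetry deserves a comment above the example, for instance `# NOTE: an object-scoped role also satisfies has_role?(name) without an object; never use the object-less form alone as a global-role gate`. The description string on new line 66 also carries a typo (`shoud`).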
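--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,34 @@
+require 'rubygems'
+require 'spec'
+require 'activerecord'
+require 'action_controller'
+
+require 'action_controller/test_process'
+require 'action_controller/integration'
+
+require 'active_record/fixtures'
+
+class ApplicationController < ActionController::Base
+end
+
+require 'rails/version'
+
+require 'spec/rails/matchers'
+require 'spec/rails/mocks'
+require 'spec/rails/example'
+require 'spec/rails/extensions'
+#require 'spec/rails/interop/testcase'
+
+this_dir = File.dirname(__FILE__)
+
+RAILS_ROOT = File.join(this_dir, "..")
+
+ActiveRecord::Base.logger = Logger.new(this_dir + "/debug.log")
+
+ActiveRecord::Base.establish_connection(:adapter => "sqlite3", :database => "#{this_dir}/db/test.sqlite3")
+
+load(File.join(this_dir, "db", "schema.rb"))
+
+ActionController::Routing::Routes.draw do |map|
+map.connect ":controller/:action/:id"
+end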
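Review bot: New lines 26 and 28 place `debug.log` and `db/test.sqlite3` inside the package's own spec directory, so every spec run writes a SQL log and a database file next to the shipped sources, and would presumably fail where the installed gem directory is read-only. Because `schema.rb` is loaded right after the connection is established (new line 30), an in-memory database would serve the same purpose without leaving a file behind: `:database => ":memory:"`. The logger could likewise point outside the tree, e.g. `Logger.new(File.join(Dir.tmpdir, "acl9_spec.log"))` after `require 'tmpdir'`.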
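--- a/metadata
+++ b/metadata
@@ -0,0 +1,102 @@
+--- !ruby/object:Gem::Specification
+name: be9-acl9
+version: !ruby/object:Gem::Version
+version: 0.9.1
+platform: ruby
+authors:
+- Oleg Dashevskii
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2009-01-03 00:00:00 -08:00
+default_executable:
+dependencies:
+- !ruby/object:Gem::Dependency
+name: rspec
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.1.11
+version:
+- !ruby/object:Gem::Dependency
+name: rspec-rails
+version_requirement:
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.1.11
+version:
+description: Yet another role-based authorization system for Rails with a nice DSL for access control lists.
+email: olegdashevskii@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files:
+- lib/acl9/config.rb
+- lib/acl9/model_extensions/subject.rb
+- lib/acl9/model_extensions/object.rb
+- lib/acl9/controller_extensions.rb
+- lib/acl9/controller_extensions/filter_producer.rb
+- lib/acl9/version.rb
+- lib/acl9/model_extensions.rb
+- lib/acl9.rb
+- README.textile
+files:
+- lib/acl9/config.rb
+- lib/acl9/model_extensions/subject.rb
+- lib/acl9/model_extensions/object.rb
+- lib/acl9/controller_extensions.rb
+- lib/acl9/controller_extensions/filter_producer.rb
+- lib/acl9/version.rb
+- lib/acl9/model_extensions.rb
+- lib/acl9.rb
+- spec/db/schema.rb
+- spec/filter_producer_spec.rb
+- spec/spec_helper.rb
+- spec/models.rb
+- spec/access_control_spec.rb
+- spec/roles_spec.rb
+- Manifest
+- MIT-LICENSE
+- Rakefile
+- README.textile
+- init.rb
+- acl9.gemspec
+has_rdoc: true
+homepage: http://github.com/be9/acl9
+post_install_message:
+rdoc_options:
+- --line-numbers
+- --inline-source
+- --title
+- Acl9
+- --main
+- README.textile
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "1.2"
+version:
+requirements: []
+
+rubyforge_project: acl9
+rubygems_version: 1.2.0
+signing_key:
+specification_version: 2
+summary: Yet another role-based authorization system for Rails with a nice DSL for access control lists.
+test_files: []
+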