cancan_namespace 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- data/MIT-LICENSE +20 -0
- data/README.rdoc +50 -0
- data/Rakefile +45 -0
- data/lib/cancan_namespace.rb +5 -0
- data/lib/cancan_namespace/ability.rb +63 -0
- data/lib/cancan_namespace/controller_resource.rb +42 -0
- data/lib/cancan_namespace/rule.rb +29 -0
- data/lib/cancan_namespace/version.rb +12 -0
- metadata +90 -0
data/MIT-LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2011 Aimbulance
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,50 @@
|
|
1
|
+
= CancanNamespace
|
2
|
+
|
3
|
+
Namespace for cancan gem.
|
4
|
+
|
5
|
+
== Install
|
6
|
+
|
7
|
+
gem 'cancan_namespace'
|
8
|
+
|
9
|
+
== Usage
|
10
|
+
|
11
|
+
class Ability
|
12
|
+
include CanCanNamespace::Ability
|
13
|
+
|
14
|
+
def initialize(user, context = nil)
|
15
|
+
@context = context
|
16
|
+
|
17
|
+
...
|
18
|
+
|
19
|
+
if user.admin?
|
20
|
+
can :manage, :all
|
21
|
+
can :manage, :all, :context => :manage
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
|
27
|
+
=== Controller
|
28
|
+
|
29
|
+
Manage::BaseController < ApplicationController
|
30
|
+
protected
|
31
|
+
|
32
|
+
def current_ability
|
33
|
+
@current_ability ||= ::Ability.new(current_user, :manage)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
class Manage::PostsController < Manage::BaseController
|
38
|
+
before_filter :find_post, :only => [:edit, :update, :destroy]
|
39
|
+
authorize_resource
|
40
|
+
...
|
41
|
+
end
|
42
|
+
|
43
|
+
=== View
|
44
|
+
|
45
|
+
<% if can? :edit, post, :context => :manage %>
|
46
|
+
<%= link_to 'Edit', edit_manage_post_path(post) %>
|
47
|
+
<% end %>
|
48
|
+
|
49
|
+
|
50
|
+
Copyright (c) 2011 Aimbulance, released under the MIT license
|
data/Rakefile
ADDED
@@ -0,0 +1,45 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'rake/testtask'
|
3
|
+
require 'rake/rdoctask'
|
4
|
+
require File.join(File.dirname(__FILE__), 'lib', 'cancan_namespace', 'version')
|
5
|
+
|
6
|
+
desc 'Default: run unit tests.'
|
7
|
+
task :default => :test
|
8
|
+
|
9
|
+
desc 'Test the cancan_namespace plugin.'
|
10
|
+
Rake::TestTask.new(:test) do |t|
|
11
|
+
t.libs << 'lib'
|
12
|
+
t.libs << 'test'
|
13
|
+
t.pattern = 'test/**/*_test.rb'
|
14
|
+
t.verbose = true
|
15
|
+
end
|
16
|
+
|
17
|
+
desc 'Generate documentation for the cancan_namespace plugin.'
|
18
|
+
Rake::RDocTask.new(:rdoc) do |rdoc|
|
19
|
+
rdoc.rdoc_dir = 'rdoc'
|
20
|
+
rdoc.title = 'CancanNamespace'
|
21
|
+
rdoc.options << '--line-numbers' << '--inline-source'
|
22
|
+
rdoc.rdoc_files.include('README')
|
23
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
24
|
+
end
|
25
|
+
|
26
|
+
begin
|
27
|
+
require 'jeweler'
|
28
|
+
Jeweler::Tasks.new do |gemspec|
|
29
|
+
gemspec.name = "cancan_namespace"
|
30
|
+
gemspec.version = CancanNamespace::Version.dup
|
31
|
+
gemspec.summary = "Cancan namespace"
|
32
|
+
gemspec.description = "Add namespace for cancan authorization library"
|
33
|
+
gemspec.email = "galeta.igor@gmail.com"
|
34
|
+
gemspec.homepage = "https://github.com/galetahub/cancan_namespace"
|
35
|
+
gemspec.authors = ["Igor Galeta", "Pavlo Galeta"]
|
36
|
+
gemspec.files = FileList["[A-Z]*", "lib/**/*"]
|
37
|
+
gemspec.rubyforge_project = "cancan_namespace"
|
38
|
+
|
39
|
+
gemspec.add_dependency('cancan', '>= 1.6.3')
|
40
|
+
end
|
41
|
+
|
42
|
+
Jeweler::GemcutterTasks.new
|
43
|
+
rescue LoadError
|
44
|
+
puts "Jeweler not available. Install it with: gem install jeweler"
|
45
|
+
end
|
@@ -0,0 +1,63 @@
|
|
1
|
+
module CanCanNamespace
|
2
|
+
|
3
|
+
# This module is designed to be included into an Ability class. This will
|
4
|
+
# provide the "can" methods for defining and checking abilities.
|
5
|
+
#
|
6
|
+
# class Ability
|
7
|
+
# include CanCan::Ability
|
8
|
+
#
|
9
|
+
# def initialize(user)
|
10
|
+
# if user.admin?
|
11
|
+
# can :manage, :all
|
12
|
+
# else
|
13
|
+
# can :read, :all
|
14
|
+
# end
|
15
|
+
# end
|
16
|
+
# end
|
17
|
+
#
|
18
|
+
module Ability
|
19
|
+
include CanCan::Ability
|
20
|
+
|
21
|
+
attr_accessor :context
|
22
|
+
|
23
|
+
def can?(action, subject, *extra_args)
|
24
|
+
context = @context
|
25
|
+
if extra_args.last.kind_of?(Hash) && extra_args.last.has_key?(:context)
|
26
|
+
context = extra_args.pop[:context]
|
27
|
+
end
|
28
|
+
|
29
|
+
match = relevant_rules_for_match(action, subject, context).detect do |rule|
|
30
|
+
rule.matches_conditions?(action, subject, extra_args)
|
31
|
+
end
|
32
|
+
match ? match.base_behavior : false
|
33
|
+
end
|
34
|
+
|
35
|
+
def can(action = nil, subject = nil, conditions = nil, &block)
|
36
|
+
rules << CanCanNamespace::Rule.new(true, action, subject, conditions, block)
|
37
|
+
end
|
38
|
+
|
39
|
+
def cannot(action = nil, subject = nil, conditions = nil, &block)
|
40
|
+
rules << CanCanNamespace::Rule.new(false, action, subject, conditions, block)
|
41
|
+
end
|
42
|
+
|
43
|
+
private
|
44
|
+
|
45
|
+
# Returns an array of Rule instances which match the action and subject
|
46
|
+
# This does not take into consideration any hash conditions or block statements
|
47
|
+
def relevant_rules(action, subject, context = nil)
|
48
|
+
context ||= @context
|
49
|
+
rules.reverse.select do |rule|
|
50
|
+
rule.expanded_actions = expand_actions(rule.actions)
|
51
|
+
rule.relevant? action, subject, context
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
def relevant_rules_for_match(action, subject, context = nil)
|
56
|
+
relevant_rules(action, subject, context).each do |rule|
|
57
|
+
if rule.only_raw_sql?
|
58
|
+
raise Error, "The can? and cannot? call cannot be used with a raw sql 'can' definition. The checking code cannot be determined for #{action.inspect} #{subject.inspect}"
|
59
|
+
end
|
60
|
+
end
|
61
|
+
end
|
62
|
+
end
|
63
|
+
end
|
@@ -0,0 +1,42 @@
|
|
1
|
+
module CanCanNamespace
|
2
|
+
# Handle the load and authorization controller logic so we don't clutter up all controllers with non-interface methods.
|
3
|
+
# This class is used internally, so you do not need to call methods directly on it.
|
4
|
+
module ControllerResource # :nodoc:
|
5
|
+
def self.included(base)
|
6
|
+
base.send :include, InstanceMethods
|
7
|
+
base.send :extend, ClassMethods
|
8
|
+
end
|
9
|
+
|
10
|
+
module ClassMethods
|
11
|
+
def self.extended(base)
|
12
|
+
base.class_eval do
|
13
|
+
alias_method :authorize_resource, :authorize_resource_with_context
|
14
|
+
end
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
module InstanceMethods
|
19
|
+
def authorize_resource_with_context
|
20
|
+
unless skip?(:authorize)
|
21
|
+
options = { :context => module_from_controller }
|
22
|
+
@controller.authorize!(authorization_action, resource_instance || resource_class_with_parent, options)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
private
|
27
|
+
|
28
|
+
def module_from_controller
|
29
|
+
modules = @params[:controller].sub("Controller", "").underscore.split('/')
|
30
|
+
if modules.size > 1
|
31
|
+
modules.first.singularize
|
32
|
+
else
|
33
|
+
return nil
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
38
|
+
end
|
39
|
+
|
40
|
+
if defined? CanCan::ControllerResource
|
41
|
+
CanCan::ControllerResource.send(:include, CanCanNamespace::ControllerResource)
|
42
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module CanCanNamespace
|
2
|
+
# This class is used internally and should only be called through Ability.
|
3
|
+
# it holds the information about a "can" call made on Ability and provides
|
4
|
+
# helpful methods to determine permission checking and conditions hash generation.
|
5
|
+
class Rule < ::CanCan::Rule
|
6
|
+
# The first argument when initializing is the base_behavior which is a true/false
|
7
|
+
# value. True for "can" and false for "cannot". The next two arguments are the action
|
8
|
+
# and subject respectively (such as :read, @project). The third argument is a hash
|
9
|
+
# of conditions and the last one is the block passed to the "can" call.
|
10
|
+
def initialize(base_behavior, action, subject, conditions, block)
|
11
|
+
super
|
12
|
+
@contexts = has_conditions? && @conditions.has_key?(:context) ? [@conditions.delete(:context)].flatten.map(&:to_s) : []
|
13
|
+
end
|
14
|
+
|
15
|
+
def has_conditions?
|
16
|
+
!conditions_empty? && @conditions.kind_of?(Hash)
|
17
|
+
end
|
18
|
+
|
19
|
+
# Matches both the subject and action, not necessarily the conditions
|
20
|
+
def relevant?(action, subject, context = nil)
|
21
|
+
subject = subject.values.first if subject.class == Hash
|
22
|
+
@match_all || (matches_action?(action) && matches_subject?(subject) && matches_context(context))
|
23
|
+
end
|
24
|
+
|
25
|
+
def matches_context(context)
|
26
|
+
(context.nil? && @contexts.empty?) || (context && @contexts.include?(context.to_s))
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
metadata
ADDED
@@ -0,0 +1,90 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: cancan_namespace
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 25
|
5
|
+
prerelease:
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 1
|
9
|
+
- 1
|
10
|
+
version: 0.1.1
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Igor Galeta
|
14
|
+
- Pavlo Galeta
|
15
|
+
autorequire:
|
16
|
+
bindir: bin
|
17
|
+
cert_chain: []
|
18
|
+
|
19
|
+
date: 2011-03-29 00:00:00 +03:00
|
20
|
+
default_executable:
|
21
|
+
dependencies:
|
22
|
+
- !ruby/object:Gem::Dependency
|
23
|
+
name: cancan
|
24
|
+
prerelease: false
|
25
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
26
|
+
none: false
|
27
|
+
requirements:
|
28
|
+
- - ">="
|
29
|
+
- !ruby/object:Gem::Version
|
30
|
+
hash: 9
|
31
|
+
segments:
|
32
|
+
- 1
|
33
|
+
- 6
|
34
|
+
- 3
|
35
|
+
version: 1.6.3
|
36
|
+
type: :runtime
|
37
|
+
version_requirements: *id001
|
38
|
+
description: Add namespace for cancan authorization library
|
39
|
+
email: galeta.igor@gmail.com
|
40
|
+
executables: []
|
41
|
+
|
42
|
+
extensions: []
|
43
|
+
|
44
|
+
extra_rdoc_files:
|
45
|
+
- README.rdoc
|
46
|
+
files:
|
47
|
+
- MIT-LICENSE
|
48
|
+
- README.rdoc
|
49
|
+
- Rakefile
|
50
|
+
- lib/cancan_namespace.rb
|
51
|
+
- lib/cancan_namespace/ability.rb
|
52
|
+
- lib/cancan_namespace/controller_resource.rb
|
53
|
+
- lib/cancan_namespace/rule.rb
|
54
|
+
- lib/cancan_namespace/version.rb
|
55
|
+
has_rdoc: true
|
56
|
+
homepage: https://github.com/galetahub/cancan_namespace
|
57
|
+
licenses: []
|
58
|
+
|
59
|
+
post_install_message:
|
60
|
+
rdoc_options: []
|
61
|
+
|
62
|
+
require_paths:
|
63
|
+
- lib
|
64
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
65
|
+
none: false
|
66
|
+
requirements:
|
67
|
+
- - ">="
|
68
|
+
- !ruby/object:Gem::Version
|
69
|
+
hash: 3
|
70
|
+
segments:
|
71
|
+
- 0
|
72
|
+
version: "0"
|
73
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
74
|
+
none: false
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
hash: 3
|
79
|
+
segments:
|
80
|
+
- 0
|
81
|
+
version: "0"
|
82
|
+
requirements: []
|
83
|
+
|
84
|
+
rubyforge_project: cancan_namespace
|
85
|
+
rubygems_version: 1.6.2
|
86
|
+
signing_key:
|
87
|
+
specification_version: 3
|
88
|
+
summary: Cancan namespace
|
89
|
+
test_files: []
|
90
|
+
|