careacademy-acl9 3.3.0

data/test/dummy/app/controllers/acl_helper_method.rb

@@ -0,0 +1,11 @@
+class ACLHelperMethod < ApplicationController
+  access_control :helper => :foo? do
+    allow :owner, :of => :foo
+  end
+
+  def allow
+    @foo = Foo.first
+
+    render inline: "<div><%= foo? ? 'OK' : 'AccessDenied' %></div>"
+  end
+end

data/test/dummy/app/controllers/acl_ivars.rb

@@ -0,0 +1,17 @@
+class ACLIvars < EmptyController
+
+  before_action :set_ivars
+
+  access_control do
+    action :destroy do
+      allow :owner, of: :foo
+      allow :bartender, at: Foo
+    end
+  end
+
+  private
+
+  def set_ivars
+    @foo = Bar
+  end
+end

data/test/dummy/app/controllers/acl_method.rb

@@ -0,0 +1,6 @@
+class ACLMethod < EmptyController
+  access_control :as_method => :acl do
+    allow all, :to => [:index, :show]
+    allow :admin, :except => [:index, :show]
+  end
+end

data/test/dummy/app/controllers/acl_method2.rb

@@ -0,0 +1,6 @@
+class ACLMethod2 < EmptyController
+  access_control :acl do
+    allow all, :to => [:index, :show]
+    allow :admin, :except => [:index, :show]
+  end
+end

data/test/dummy/app/controllers/acl_objects_hash.rb

@@ -0,0 +1,10 @@
+class ACLObjectsHash < ApplicationController
+  access_control :allowed?, :filter => false do
+    allow :owner, :of => :foo
+  end
+
+  def allow
+    @foo = nil
+    head allowed?( :foo => Foo.find_by_id(params[:user_id]) ) ? :ok : :unauthorized
+  end
+end

data/test/dummy/app/controllers/acl_query_method.rb

@@ -0,0 +1,9 @@
+class ACLQueryMethod < ApplicationController
+  attr_accessor :current_user
+
+  access_control :acl, :query_method => true do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+end

data/test/dummy/app/controllers/acl_query_method_named.rb

@@ -0,0 +1,15 @@
+class ACLQueryMethodNamed < ApplicationController
+  attr_accessor :current_user
+
+  access_control :acl, :query_method => 'allow_ay' do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+
+  def acl?(*args)
+    @foo = Foo.first
+
+    allow_ay(*args)
+  end
+end

data/test/dummy/app/controllers/acl_query_method_with_lambda.rb

@@ -0,0 +1,9 @@
+class ACLQueryMethodWithLambda < ApplicationController
+  attr_accessor :current_user
+
+  access_control :query_method => :acl? do
+    allow :editor, :to => [:edit, :update, :destroy]
+    allow :viewer, :to => [:index, :show]
+    allow :owner,  :of => :foo, :to => :fooize
+  end
+end

data/test/dummy/app/controllers/acl_subject_method.rb

@@ -0,0 +1,16 @@
+class ACLSubjectMethod < ApplicationController
+  access_control :subject_method => :the_only_user do
+    allow :the_only_one
+  end
+
+  def index
+    head :ok
+  end
+
+  private
+
+  alias_method :the_only_user, :current_user
+  def current_user
+    raise "ACK!"
+  end
+end

data/test/dummy/app/controllers/application_controller.rb

@@ -0,0 +1,13 @@
+class ApplicationController < ActionController::Base
+  before_action :before_action
+
+  attr_accessor :current_user
+
+  def current_user
+    @current_user ||= User.find params[:user_id] if params[:user_id]
+  end
+
+  def before_action
+    @foo = Foo.first
+  end
+end

data/test/dummy/app/controllers/empty_controller.rb

@@ -0,0 +1,5 @@
+class EmptyController < ApplicationController
+  %i[index show new edit create update destroy].each do |action|
+    define_method(action) { render plain: 'OK' }
+  end
+end

data/test/dummy/app/helpers/application_helper.rb

@@ -0,0 +1,2 @@
+module ApplicationHelper
+end

data/test/dummy/app/helpers/some_helper.rb

@@ -0,0 +1,8 @@
+module SomeHelper
+  include Acl9Helpers
+
+  access_control :the_question do
+    allow :hamlet, :to => :be
+    allow :hamlet, :except => :be
+  end
+end

data/test/dummy/app/models/access.rb

@@ -0,0 +1,3 @@
+class Access < ActiveRecord::Base
+  acts_as_authorization_role :subject_class_name => "Account"
+end

data/test/dummy/app/models/account.rb

@@ -0,0 +1,3 @@
+class Account < ActiveRecord::Base
+  acts_as_authorization_subject association_name: :roles, role_class_name: 'Access'
+end

data/test/dummy/app/models/bar.rb

@@ -0,0 +1,3 @@
+class Bar < ActiveRecord::Base
+  acts_as_authorization_object
+end

data/test/dummy/app/models/foo.rb

@@ -0,0 +1,3 @@
+class Foo < ActiveRecord::Base
+  acts_as_authorization_object
+end

data/test/dummy/app/models/foo_bar.rb

@@ -0,0 +1,3 @@
+class FooBar < ActiveRecord::Base
+  acts_as_authorization_object :role_class_name => 'Access', :subject_class_name => 'Account'
+end

data/test/dummy/app/models/other/foo.rb

@@ -0,0 +1,5 @@
+module Other
+  class Foo < ActiveRecord::Base
+    acts_as_authorization_object :role_class_name => 'Other::Role', :subject_class_name => "Other::User"
+  end
+end

data/test/dummy/app/models/other/role.rb

@@ -0,0 +1,5 @@
+module Other
+  class Role < ActiveRecord::Base
+    acts_as_authorization_role :join_table_name => "other_roles_users", :subject_class_name => "Other::User"
+  end
+end

data/test/dummy/app/models/other/user.rb

@@ -0,0 +1,5 @@
+module Other
+  class User < ActiveRecord::Base
+    acts_as_authorization_subject :association_name => :roles, :join_table_name => "other_roles_users", :role_class_name => "Other::Role"
+  end
+end

data/test/dummy/app/models/role.rb

@@ -0,0 +1,3 @@
+class Role < ActiveRecord::Base
+  acts_as_authorization_role
+end

data/test/dummy/app/models/string_object_role.rb

@@ -0,0 +1,3 @@
+class StringObjectRole < ActiveRecord::Base
+  acts_as_authorization_role subject_class_name: "StringUser"
+end

data/test/dummy/app/models/string_user.rb

@@ -0,0 +1,3 @@
+class StringUser < ActiveRecord::Base
+  acts_as_authorization_subject role_class_name: "StringObjectRole"
+end

data/test/dummy/app/models/user.rb

@@ -0,0 +1,3 @@
+class User < ActiveRecord::Base
+  acts_as_authorization_subject
+end

data/test/dummy/app/models/uuid.rb

@@ -0,0 +1,4 @@
+class Uuid < ActiveRecord::Base
+  self.primary_key = "uuid"  
+  acts_as_authorization_object role_class_name: "StringObjectRole", subject_class_name: "StringUser"
+end

data/test/dummy/config/application.rb

@@ -0,0 +1,23 @@
+require File.expand_path('../boot', __FILE__)
+
+require 'rails/all'
+
+# Require the gems listed in Gemfile, including any gems
+# you've limited to :test, :development, or :production.
+Bundler.require
+
+module Dummy
+  class Application < Rails::Application
+    # Settings in config/environments/* take precedence over those specified here.
+    # Application configuration should go into files in config/initializers
+    # -- all .rb files in that directory are automatically loaded.
+
+    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
+    # config.time_zone = 'Central Time (US & Canada)'
+
+    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
+    # config.i18n.default_locale = :de
+  end
+end

data/test/dummy/config/boot.rb

@@ -0,0 +1,4 @@
+# Set up gems listed in the Gemfile.
+ENV['BUNDLE_GEMFILE'] ||= File.expand_path('../../Gemfile', __FILE__)
+
+require 'bundler/setup' if File.exist?(ENV['BUNDLE_GEMFILE'])

data/test/dummy/config/database.yml

@@ -0,0 +1,25 @@
+# SQLite version 3.x
+#   gem install sqlite3
+#
+#   Ensure the SQLite 3 gem is defined in your Gemfile
+#   gem 'sqlite3'
+#
+default: &default
+  adapter: sqlite3
+  pool: 5
+  timeout: 5000
+
+development:
+  <<: *default
+  database: ':memory:'
+
+# Warning: The database defined as "test" will be erased and
+# re-generated from your development database when you run "rake".
+# Do not set this db to the same as development or production.
+test:
+  <<: *default
+  database: ':memory:'
+
+production:
+  <<: *default
+  database: ':memory:'

data/test/dummy/config/environment.rb

@@ -0,0 +1,5 @@
+# Load the Rails application.
+require File.expand_path('../application', __FILE__)
+
+# Initialize the Rails application.
+Dummy::Application.initialize!

data/test/dummy/config/environments/development.rb

@@ -0,0 +1,37 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # In the development environment your application's code is reloaded on
+  # every request. This slows down response time but is perfect for development
+  # since you don't have to restart the web server when you make code changes.
+  config.cache_classes = false
+
+  # Do not eager load code on boot.
+  config.eager_load = false
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Don't care if the mailer can't send.
+  config.action_mailer.raise_delivery_errors = false
+
+  # Print deprecation notices to the Rails logger.
+  config.active_support.deprecation = :log
+
+  # Raise an error on page load if there are pending migrations.
+  config.active_record.migration_error = :page_load
+
+  # Debug mode disables concatenation and preprocessing of assets.
+  # This option may cause significant delays in view rendering with a large
+  # number of complex assets.
+  config.assets.debug = true
+
+  # Adds additional error checking when serving assets at runtime.
+  # Checks for improperly declared sprockets dependencies.
+  # Raises helpful error messages.
+  config.assets.raise_runtime_errors = true
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+end

data/test/dummy/config/environments/test.rb

@@ -0,0 +1,40 @@
+Dummy::Application.configure do
+  # Settings specified here will take precedence over those in config/application.rb.
+
+  # The test environment is used exclusively to run your application's
+  # test suite. You never need to work with it otherwise. Remember that
+  # your test database is "scratch space" for the test suite and is wiped
+  # and recreated between test runs. Don't rely on the data there!
+  config.cache_classes = true
+
+  # Do not eager load code on boot. This avoids loading your whole application
+  # just for the purpose of running a single test. If you are using a tool that
+  # preloads Rails for running tests, you may have to set it to true.
+  config.eager_load = false
+
+  # Configure static asset server for tests with Cache-Control for performance.
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = { 'Cache-Control' => 'public, max-age=3600' }
+
+  # Show full error reports and disable caching.
+  config.consider_all_requests_local       = true
+  config.action_controller.perform_caching = false
+
+  # Raise exceptions instead of rendering exception templates.
+  config.action_dispatch.show_exceptions = false
+
+  # Disable request forgery protection in test environment.
+  config.action_controller.allow_forgery_protection = false
+
+  # Tell Action Mailer not to deliver emails to the real world.
+  # The :test delivery method accumulates sent emails in the
+  # ActionMailer::Base.deliveries array.
+  config.action_mailer.delivery_method = :test
+
+  # Print deprecation notices to the stderr.
+  config.active_support.deprecation = :stderr
+
+  # Raises error for missing translations
+  # config.action_view.raise_on_missing_translations = true
+  config.log_level = :unknown
+end

data/test/dummy/config/initializers/assets.rb

@@ -0,0 +1,8 @@
+# Be sure to restart your server when you modify this file.
+
+# Version of your assets, change this if you want to expire all your assets.
+Dummy::Application.config.assets.version = '1.0'
+
+# Precompile additional assets.
+# application.js, application.css, and all non-JS/CSS in app/assets folder are already added.
+# Rails.application.config.assets.precompile += %w( search.js )

data/test/dummy/config/initializers/backtrace_silencers.rb

@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying to debug a problem that might stem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!

data/test/dummy/config/initializers/cookies_serializer.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.action_dispatch.cookies_serializer = :json

data/test/dummy/config/initializers/filter_parameter_logging.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Configure sensitive parameters which will be filtered from the log file.
+Dummy::Application.config.filter_parameters += [:password]

data/test/dummy/config/initializers/inflections.rb

@@ -0,0 +1,16 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format. Inflections
+# are locale specific, and you may define rules for as many different
+# locales as you wish. All of these examples are active by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.plural /^(ox)$/i, '\1en'
+#   inflect.singular /^(ox)en/i, '\1'
+#   inflect.irregular 'person', 'people'
+#   inflect.uncountable %w( fish sheep )
+# end
+
+# These inflection rules are supported but not enabled by default:
+# ActiveSupport::Inflector.inflections(:en) do |inflect|
+#   inflect.acronym 'RESTful'
+# end

data/test/dummy/config/initializers/mime_types.rb

@@ -0,0 +1,4 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new mime types for use in respond_to blocks:
+# Mime::Type.register "text/richtext", :rtf

data/test/dummy/config/initializers/secrets.rb

@@ -0,0 +1 @@
+Dummy::Application.config.secret_key_base = 'b29f2acba41e296f52ae4e3d11de570df29f69fe1ca9cad18634fec6fc2569d0b32ce5f66a822758a80bf6c9c828b038e0366f098397df636479b4ec437c9a46'

data/test/dummy/config/initializers/session_store.rb

@@ -0,0 +1,3 @@
+# Be sure to restart your server when you modify this file.
+
+Dummy::Application.config.session_store :cookie_store, key: '_dummy_session'

data/test/dummy/config/initializers/wrap_parameters.rb

@@ -0,0 +1,14 @@
+# Be sure to restart your server when you modify this file.
+
+# This file contains settings for ActionController::ParamsWrapper which
+# is enabled by default.
+
+# Enable parameter wrapping for JSON. You can disable this by setting :format to an empty array.
+ActiveSupport.on_load(:action_controller) do
+  wrap_parameters format: [:json] if respond_to?(:wrap_parameters)
+end
+
+# To enable root element in JSON for ActiveRecord objects.
+# ActiveSupport.on_load(:active_record) do
+#  self.include_root_in_json = true
+# end

data/test/dummy/config/locales/en.yml

@@ -0,0 +1,23 @@
+# Files in the config/locales directory are used for internationalization
+# and are automatically loaded by Rails. If you want to use locales other
+# than English, add the necessary files in this directory.
+#
+# To use the locales, use `I18n.t`:
+#
+#     I18n.t 'hello'
+#
+# In views, this is aliased to just `t`:
+#
+#     <%= t('hello') %>
+#
+# To use a different locale, set it with `I18n.locale`:
+#
+#     I18n.locale = :es
+#
+# This would use the information in config/locales/es.yml.
+#
+# To learn more, please read the Rails Internationalization guide
+# available at http://guides.rubyonrails.org/i18n.html.
+
+en:
+  hello: "Hello world"

data/test/dummy/config/routes.rb

@@ -0,0 +1,14 @@
+Dummy::Application.routes.draw do
+  resources :acl_action_override do
+    collection do
+      get :check_allow_with_foo
+      get :check_allow
+    end
+  end
+
+  resources :acl_boolean_method, :acl_block, :acl_ivars, :acl_method, :acl_method2, :acl_subject_method, :acl_arguments
+
+  get :acl_helper_method, to: "acl_helper_method#allow"
+  get :acl_objects_hash, to: "acl_objects_hash#allow"
+
+end

data/test/dummy/config.ru

@@ -0,0 +1,4 @@
+# This file is used by Rack-based servers to start the application.
+
+require ::File.expand_path('../config/environment',  __FILE__)
+run Dummy::Application

data/test/dummy/db/migrate/20141117132218_create_tables.rb

@@ -0,0 +1,149 @@
+class CreateTables < ActiveRecord::Migration[ActiveRecord::Migration.current_version]
+  def self.r5?
+    Rails.gem_version >= Gem::Version.new(5)
+  end
+  def r5?
+    self.class.r5?
+  end
+
+  def change
+    create_table :roles do |t|
+      t.string   :name,              :limit => 40
+      t.boolean  :system
+      if r5?
+        t.references :authorizable, polymorphic: true
+      else
+        t.string   :authorizable_type, :limit => 40
+        t.integer  :authorizable_id
+      end
+      t.timestamps null: false
+    end
+
+    unless r5?
+      add_index :roles, [:authorizable_type, :authorizable_id]
+    end
+
+    create_table :roles_users, id: false do |t|
+      t.references  :user
+      t.references  :role
+    end
+
+    unless r5?
+      add_index :roles_users, :user_id
+      add_index :roles_users, :role_id
+    end
+
+    create_table :users do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :foos do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :bars do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :uuids, id: false do |t|
+      t.string :uuid, primary_key: true
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :string_object_roles do |t|
+      t.string :name
+      t.boolean  :system
+      t.string   :authorizable_type
+      t.string   :authorizable_id
+      t.timestamps null: false
+    end
+
+    create_table :string_object_roles_string_users, id: false do |t|
+      t.references  :string_user, index: { name: "susor" }
+      t.references  :string_object_role, index: { name: "sorsu" }
+    end
+
+    create_table :string_users do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+
+    create_table :accounts do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :accesses do |t|
+      t.string :name
+      t.boolean  :system
+      if r5?
+        t.references :authorizable, polymorphic: true
+      else
+        t.string   :authorizable_type, :limit => 40
+        t.integer  :authorizable_id
+      end
+      t.timestamps null: false
+    end
+
+    unless r5?
+      add_index :accesses, [:authorizable_type, :authorizable_id]
+    end
+
+    create_table :accesses_accounts, id: false do |t|
+      t.references  :account
+      t.references  :access
+    end
+
+    unless r5?
+      add_index :accesses_accounts, :access_id
+      add_index :accesses_accounts, :account_id
+    end
+
+    create_table :foo_bars do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+
+    create_table :other_roles do |t|
+      t.string   :name,              :limit => 40
+      t.boolean  :system
+      if r5?
+        t.references :authorizable, polymorphic: true
+      else
+        t.string   :authorizable_type, :limit => 40
+        t.integer  :authorizable_id
+      end
+      t.timestamps null: false
+    end
+
+    unless r5?
+      add_index :other_roles, [:authorizable_type, :authorizable_id]
+    end
+
+    create_table :other_roles_users, id: false do |t|
+      t.references  :user
+      t.references  :role
+    end
+
+    unless r5?
+      add_index :other_roles_users, :user_id
+      add_index :other_roles_users, :role_id
+    end
+
+    create_table :other_users do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+
+    create_table :other_foos do |t|
+      t.string :name
+      t.timestamps null: false
+    end
+  end
+end