cbac 0.3.1 → 0.5.1

data/spec/spec_helper.rb

@@ -0,0 +1,12 @@
+ENV["RAILS_ENV"] ||= 'test'
+
+require 'spec/autorun'
+require 'spec/rails'
+
+Spec::Runner.configure do |config|
+   # If you're not using ActiveRecord you should remove these
+  # lines, delete config/database.yml and disable :active_record
+  # in your config/boot.rb
+  config.use_transactional_fixtures = true
+  config.use_instantiated_fixtures  = false
+end

data/tasks/cbac.rake

@@ -1,19 +1,345 @@
-# This rakefile contains the rake tasks for CBAC
-#
-# CBAC is context based access control. It enables an application to
-#
-#
-# cbac:setup
-# cbac:check
-#
-# 2009-11-27  Bert Meerman        First version
-#
-namespace :cbac do
-  namespace :check do
-    desc "Checks all the available controller methods for missing privileges"
-    task :mapping do
-      load_controller_methods
-      puts "lala"
-    end
-  end
-end
+#TODO: zip (or something) the directory resulting from a snapshot and delete it
+#TODO: unzip (or something) the provided snapshot and load from it, then delete temp dir
+#TODO: add staging area to extracted snapshot, inserted snapshot, clearing code, etc.
+
+#TODO: add comments to pristine lines, in a Comment() style
+
+# WARNING: Non-changes are not saved as known_permissions when using pristine or such. THIS IS NOT A BUG! Think of the following scenario:
+# 1) Developers grant permission X
+# 2) User deploys. Permission X is granted in the database.
+# 3) User revokes permission X
+# 4) Developers revoke permission X
+# 5) User upgrades. No change in permission X detected, (since devteam and user agree) so the user is not prompted to accept the change.
+# 6) User grants permission X again
+# 7) User upgrades again. At this point, we want the user to be warned that the devteam thinks granting this permission is not a good idea. 
+#    This is only possible if the non-change in #5 is not registered as KnownChange
+
+# Get a privilege set that fulfills the provided conditions
+  def get_privilege_set(conditions)
+    Cbac::PrivilegeSetRecord.first(:conditions => conditions)
+  end
+
+# Get a Hash containing all entries from the provided table
+  def select_all(table)
+    ActiveRecord::Base.connection.select_all("SELECT * FROM %s;" % table)
+  end
+
+# Generate a usable filename for dumping records of the specified type
+  def get_filename(type)
+    "#{ENV['SNAPSHOT_NAME']}/cbac_#{type}.yml"
+  end
+
+  def load_objects_from_yaml(type)
+    filename = get_filename(type)
+
+    Yaml.load_file(filename)
+  end
+
+# Dump the specified permissions to a YAML file
+  def dump_permissions_to_yaml_file(permissions)
+    permissions.each do |cp|
+      privilege_set_name = get_privilege_set(:id => cp['privilege_set_id']).name
+      cp['privilege_set_id'] = "<%= Cbac::PrivilegeSetRecord.find(:first, :conditions => {:name => '#{privilege_set_name}'}).id %>"
+    end
+    dump_objects_to_yaml_file(permissions, "permissions")
+  end
+
+# Dump a set of objects to a YAML file. Filename is determined by type-string
+  def dump_objects_to_yaml_file(objects, type)
+    filename = get_filename(type)
+
+    puts "Writing #{type} to disk"
+
+    File.open(filename, "w") do |output_file|
+      index = "0000"
+      output_file.write objects.inject({}) { |hash, record|
+        hash["#{type.singularize}_#{index.succ!}"] = record
+        hash
+      }.to_yaml
+    end
+  end
+
+  def get_cbac_pristine_adapter
+    adapter_class = Class.new
+    adapter_class.send :include, Cbac::CbacPristine
+    adapter_class.new
+  end
+
+  namespace :cbac do
+    desc 'Initialize CBAC tables with bootstrap data. Allows ADMINUSER to log in and visit CBAC administration pages. Also, if a Privilege Set called "login" exists, this privilege is granted to "everyone"'
+    task :bootstrap => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+          adapter.clear_cbac_tables
+        else
+          puts "CBAC bootstrap failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      adminuser = ENV['ADMINUSER'] || 1
+      login_privilege_set = get_privilege_set(:name => "login")
+      everybody_context_role = ContextRole.roles[:everybody]
+      if !login_privilege_set.nil? and !everybody_context_role.nil?
+        puts "Login privilege exists. Allowing context role 'everybody' to use login privilege"
+        login_permission = Cbac::Permission.new(:context_role => 'everybody', :privilege_set_id => login_privilege_set.id)
+        throw "Failed to save Login Permission" unless login_permission.save
+      end
+
+      puts "Creating Generic Role: administrators"
+      admin_role = Cbac::GenericRole.new(:name => "administrators", :remarks => "System administrators - may edit CBAC permissions")
+      throw "Failed to save new Generic Role" unless admin_role.save
+
+      puts "Creating Administrator Membership for user #{adminuser}"
+      membership = Cbac::Membership.new(:user_id => adminuser, :generic_role_id => admin_role.id)
+      throw "Failed to save new Administrator Membership" unless membership.save
+
+      begin
+        admin_privilege_set_id = get_privilege_set({:name => 'cbac_administration'}).id
+      rescue
+        throw "No PrivilegeSet cbac_administration defined. Aborting."
+      end
+      cbac_admin_permission = Cbac::Permission.new(:generic_role_id => admin_role.id, :privilege_set_id => admin_privilege_set_id)
+      throw "Failed to save Cbac_Administration Permission" unless cbac_admin_permission.save
+
+      puts <<EOF
+**********************************************************
+* Succesfully bootstrapped CBAC. The specified user (# #{adminuser} ) *
+* may now visit the cbac administration pages, which are *
+* located at the URL /cbac/permissions/index by default  *
+**********************************************************
+EOF
+    end
+
+    desc 'Extract a snapshot of the current authorization settings, which can later be restored using the restore_snapshot task. Parameter SNAPSHOT_NAME determines where the snapshot is stored'
+    task :extract_snapshot => :environment do
+      if ENV['SNAPSHOT_NAME'].nil?
+        puts "Missing argument SNAPSHOT_NAME. Substituting timestamp for SNAPSHOT_NAME"
+        require 'date'
+        ENV['SNAPSHOT_NAME'] = DateTime.now.strftime("%Y%m%d%H%M%S")
+      end
+
+      if File::exists?(ENV['SNAPSHOT_NAME']) # Directory already exists!
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified - overwriting older snapshot with same name."
+        else
+          puts "A snapshot with the given name (#{ENV['SNAPSHOT_NAME']}) already exists, and overwriting is dangerous. Specify FORCE=true to override this check"
+          exit
+        end
+      else # Directory does not exist yet
+        FileUtils.mkdir(ENV['SNAPSHOT_NAME'])
+      end
+
+      puts "Extracting CBAC permissions to #{ENV['SNAPSHOT_NAME']}"
+
+      # Don't need privilege sets since they are loaded from a config file.
+      staged_changes = select_all "cbac_staged_permissions"
+      dump_objects_to_yaml_file(staged_changes, "staged_permissions")
+
+      staged_roles = select_all "cbac_staged_roles"
+      dump_objects_to_yaml_file(staged_roles, "staged_roles")
+
+      permissions = select_all "cbac_permissions"
+      dump_permissions_to_yaml_file(permissions)
+
+      generic_roles = select_all "cbac_generic_roles"
+      dump_objects_to_yaml_file(generic_roles, "generic_roles")
+
+      memberships = select_all "cbac_memberships"
+      dump_objects_to_yaml_file(memberships, "memberships")
+
+      known_permissions = select_all "cbac_known_permissions"
+      dump_objects_to_yaml_file(known_permissions, "known_permissions")
+    end
+
+    desc 'Restore a snapshot of authorization settings that was extracted earlier. Specify a snapshot using SNAPSHOT_NAME'
+    task :restore_snapshot => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SNAPSHOT_NAME'].nil?
+        puts "Missing required parameter SNAPSHOT_NAME. Exiting."
+        exit
+      elsif adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+          adapter.clear_cbac_tables
+        else
+          puts "Reloading snapshot failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      puts "Restoring snapshot #{ENV['SNAPSHOT_NAME']}"
+
+      ENV['FIXTURES_PATH'] = ENV['SNAPSHOT_NAME']
+
+      # Don't need privilege sets since they are loaded from a config file.
+      ENV['FIXTURES'] = "cbac_generic_roles,cbac_memberships,cbac_known_permissions,cbac_permissions,cbac_staged_permissions, cbac_staged_roles"
+
+      Rake::Task["db:fixtures:load"].invoke
+      puts "Successfully restored snapshot."
+      #TODO: check if rake task was successful. else
+      #  puts "Restoring snapshot failed."
+      #end
+    end
+
+    desc 'Restore permissions to factory settings by loading the pristine file into the database'
+    task :pristine => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      puts "Parsing pristine file #{filename}"
+      pristine_file = adapter.create_pristine_file(filename)
+      adapter.set_pristine_state([pristine_file], true)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+      puts "Task cbac:pristine finished."
+    end
+
+    desc 'Restore generic permissions to factory settings'
+    task :pristine_generic => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified. Dropping all generic permissions and replacing them with generic pristine"
+          adapter.delete_generic_known_permissions
+          adapter.delete_generic_permissions
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename}"
+      pristine_file = adapter.create_generic_pristine_file(filename)
+      adapter.set_pristine_state([pristine_file], false)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+      puts "Task cbac:pristine_generic finished."
+    end
+
+    desc 'Restore all permissions to factory state. Uses the pristine file and the generic pristine file'
+    task :pristine_all => :environment do
+      adapter = get_cbac_pristine_adapter
+      if adapter.database_contains_cbac_data?
+        if ENV['FORCE'] == "true"
+          puts "FORCE specified: emptying CBAC tables"
+        else
+          puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+          exit
+        end
+      end
+
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+      pristine_file = adapter.create_pristine_file(filename)
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+      adapter.set_pristine_state([pristine_file, generic_pristine_file], true)
+      puts "Applied #{pristine_file.permissions.length.to_s} permissions and #{generic_pristine_file.permissions.length.to_s} generic permissions."
+      puts "Task cbac:pristine_all finished."
+    end
+
+    desc 'Upgrade permissions by adding them to the staging area. Does not upgrade generic permissions'
+    task :upgrade_pristine => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      puts "Parsing pristine file #{filename}"
+
+      pristine_file = adapter.create_pristine_file(filename)
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all staged context and administrator permissions"
+
+      adapter.stage_permissions([pristine_file])
+      puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions."
+      puts "Task cbac:upgrade_pristine finished."
+    end
+
+
+    desc 'Upgrade generic permissions by adding them to the staging area. Does not upgrade context or admin permissions.'
+    task :upgrade_pristine_generic => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+
+      puts "Parsing pristine file #{generic_filename}"
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all staged generic permissions"
+
+      adapter.stage_permissions([generic_pristine_file])
+      puts "Staged #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+      puts "Task cbac:upgrade_pristine finished."
+    end
+
+    desc 'Upgrade all permissions by adding them to the staging area.'
+    task :upgrade_all => :environment do
+      adapter = get_cbac_pristine_adapter
+      if ENV['SKIP_SNAPSHOT'] == 'true'
+        puts "\nSKIP_SNAPSHOT provided - not dumping database."
+      else
+        puts "\nDumping a snapshot of the database"
+        Rake::Task["cbac:extract_snapshot"].invoke
+      end
+
+      ENV['CHANGE_TYPE'] = 'context'
+      filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+      generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+      puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+
+      pristine_file = adapter.create_pristine_file(filename)
+      generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+      adapter.delete_generic_staged_permissions
+      adapter.delete_non_generic_staged_permissions
+      puts "Deleted all current staged permissions"
+
+
+      adapter.stage_permissions([pristine_file, generic_pristine_file])
+      puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions and #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+      puts "Task cbac:upgrade_all finished."
+    end
+end

data/test/test_cbac_privilege.rb

@@ -9,6 +9,7 @@ class CbacPrivilegeTest <  ActiveSupport::TestCase
   # methods
   def setup
     PrivilegeSet.add :cbac_privilege, "" unless PrivilegeSet.sets.include?(:cbac_privilege)
+    PrivilegeSet.add :base_inheritence_privilege, "" unless PrivilegeSet.sets.include?(:base_inheritence_privilege)
   end
 
   # Test adding get and post resources It is possible to add a resource using
@@ -28,6 +29,59 @@ class CbacPrivilegeTest <  ActiveSupport::TestCase
     end
   end
 
+  # Test the include method for single inheritence
+  def test_single_inheritence
+    Privilege.resource :base_inheritence_privilege, "single/inheritence"
+    Privilege.resource :base_inheritence_privilege, "single/inheritence/post", :post
+    PrivilegeSet.add :cbac_single_inheritence, "PrivilegeSet for single inheritence test"
+    Privilege.include :cbac_single_inheritence, :base_inheritence_privilege
+    result = Privilege.select("single/inheritence", :get)
+    assert_equal true, result.any? {|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
+    assert_equal true, result.any? {|set| set.name == "cbac_single_inheritence"}, "Single inheritence failure"
+    result = Privilege.select("single/inheritence/post", :post)
+    assert_equal true, result.any? {|set| set.name == "cbac_single_inheritence"}, "Single inheritence failure with POST method"
+  end
+
+  # Test the include method for multiple inheritence
+  def test_multiple_inheritence
+    Privilege.resource :base_inheritence_privilege, "multiple/inheritence"
+    PrivilegeSet.add :base_multiple_inheritence, "parent/ base PrivilegeSet for multiple inheritence test"
+    PrivilegeSet.add :cbac_multiple_inheritence, "child PrivilegeSet for multiple inheritence test"
+    Privilege.resource :base_multiple_inheritence, "multiple/inheritence_again"
+    Privilege.include :cbac_multiple_inheritence, [:base_inheritence_privilege, :base_multiple_inheritence]
+    result = Privilege.select("multiple/inheritence", :get)
+    assert_equal true, result.any? {|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
+    assert_equal true, result.any? {|set| set.name == "cbac_multiple_inheritence"}, "Multiple inheritence failure"
+    result = Privilege.select("multiple/inheritence_again", :get)
+    assert_equal true, result.any? {|set| set.name == "cbac_multiple_inheritence"}, "Multiple inheritence failure"
+  end
+
+  # Inheritence must be applied if a resource is added after an inheritence call
+  def test_inherit_resource_after_declaration
+    PrivilegeSet.add :cbac_inheritence_after_declaration, "PrivilegeSet for single inheritence test"
+    # First, we setup the inheritence relation
+    Privilege.include :cbac_inheritence_after_declaration, :base_inheritence_privilege
+    # Then, we setup the resource connection
+    Privilege.resource :base_inheritence_privilege, "inheritence/after/declaration"
+    Privilege.resource :base_inheritence_privilege, "inheritence/after/declaration/post", :post
+    # Test
+    result = Privilege.select("inheritence/after/declaration", :get)
+    assert_equal true, result.any?{|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
+    assert_equal true, result.any?{|set| set.name == "cbac_inheritence_after_declaration"}, "Resource declaration after inheritence call failed"
+    result = Privilege.select("inheritence/after/declaration/post", :post)
+    assert_equal true, result.any?{|set| set.name == "cbac_inheritence_after_declaration"}, "Resource declaration after inheritence call failed with POST method"
+  end
+
+  # If the inheritence functionality is used with invalid privilege_sets, an ArgumentException must be thrown
+  def test_inheritence_with_invalid_privilege_sets
+    assert_raise(ArgumentError) do
+      Privilege.include :cbac_privilege, :invalid_privilege_set
+    end
+    assert_raise(ArgumentError) do
+      Privilege.include :invalid_privilege_set, :cbac_privilege
+    end
+  end
+
   # If an invalid action is specified, the method must raise an ArgumentError
   # exception.
   def test_add_incorrect_action

metadata

@@ -1,7 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: cbac
 version: !ruby/object:Gem::Version 
-  version: 0.3.1
+  hash: 9
+  prerelease: false
+  segments: 
+  - 0
+  - 5
+  - 1
+  version: 0.5.1
 platform: ruby
 authors: 
 - Bert Meerman
@@ -9,12 +15,12 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-02-05 00:00:00 +01:00
+date: 2010-07-15 00:00:00 +02:00
 default_executable: 
 dependencies: []
 
 description: Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.
-email: b.meerman@ogd.nl
+email: bertm@rubyforge.org
 executables: []
 
 extensions: []
@@ -22,9 +28,14 @@ extensions: []
 extra_rdoc_files: 
 - README.rdoc
 - lib/cbac.rb
+- lib/cbac/cbac_pristine/pristine.rb
+- lib/cbac/cbac_pristine/pristine_file.rb
+- lib/cbac/cbac_pristine/pristine_permission.rb
+- lib/cbac/cbac_pristine/pristine_role.rb
 - lib/cbac/config.rb
 - lib/cbac/context_role.rb
 - lib/cbac/generic_role.rb
+- lib/cbac/known_permission.rb
 - lib/cbac/membership.rb
 - lib/cbac/permission.rb
 - lib/cbac/privilege.rb
@@ -39,16 +50,20 @@ files:
 - cbac.gemspec
 - generators/cbac/USAGE
 - generators/cbac/cbac_generator.rb
+- generators/cbac/templates/config/cbac.pristine
 - generators/cbac/templates/config/context_roles.rb
 - generators/cbac/templates/config/privileges.rb
 - generators/cbac/templates/controllers/generic_roles_controller.rb
 - generators/cbac/templates/controllers/memberships_controller.rb
 - generators/cbac/templates/controllers/permissions_controller.rb
+- generators/cbac/templates/controllers/upgrade_controller.rb
 - generators/cbac/templates/fixtures/cbac_generic_roles.yml
 - generators/cbac/templates/fixtures/cbac_memberships.yml
 - generators/cbac/templates/fixtures/cbac_permissions.yml
-- generators/cbac/templates/migrate/create_cbac.rb
+- generators/cbac/templates/migrate/create_cbac_from_scratch.rb
+- generators/cbac/templates/migrate/create_cbac_upgrade_path.rb
 - generators/cbac/templates/stylesheets/cbac.css
+- generators/cbac/templates/tasks/cbac.rake
 - generators/cbac/templates/views/generic_roles/index.html.erb
 - generators/cbac/templates/views/layouts/cbac.html.erb
 - generators/cbac/templates/views/memberships/_update.html.erb
@@ -56,17 +71,29 @@ files:
 - generators/cbac/templates/views/permissions/_update_context_role.html.erb
 - generators/cbac/templates/views/permissions/_update_generic_role.html.erb
 - generators/cbac/templates/views/permissions/index.html.erb
+- generators/cbac/templates/views/upgrade/index.html.erb
 - init.rb
 - lib/cbac.rb
+- lib/cbac/cbac_pristine/pristine.rb
+- lib/cbac/cbac_pristine/pristine_file.rb
+- lib/cbac/cbac_pristine/pristine_permission.rb
+- lib/cbac/cbac_pristine/pristine_role.rb
 - lib/cbac/config.rb
 - lib/cbac/context_role.rb
 - lib/cbac/generic_role.rb
+- lib/cbac/known_permission.rb
 - lib/cbac/membership.rb
 - lib/cbac/permission.rb
 - lib/cbac/privilege.rb
 - lib/cbac/privilege_set.rb
 - lib/cbac/privilege_set_record.rb
 - lib/cbac/setup.rb
+- spec/cbac_pristine_file_spec.rb
+- spec/cbac_pristine_permission_spec.rb
+- spec/cbac_pristine_role_spec.rb
+- spec/rcov.opts
+- spec/spec.opts
+- spec/spec_helper.rb
 - tasks/cbac.rake
 - test/fixtures/cbac_generic_roles.yml
 - test/fixtures/cbac_memberships.yml
@@ -92,27 +119,34 @@ rdoc_options:
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
       version: "0"
-  version: 
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 11
+      segments: 
+      - 1
+      - 2
       version: "1.2"
-  version: 
 requirements: []
 
 rubyforge_project: cbac
-rubygems_version: 1.3.5
+rubygems_version: 1.3.7
 signing_key: 
 specification_version: 3
 summary: CBAC - Simple authorization system for Rails applications.
 test_files: 
-- test/test_cbac_authorize_context_roles.rb
-- test/test_cbac_authorize_generic_roles.rb
 - test/test_cbac_context_role.rb
+- test/test_cbac_authorize_context_roles.rb
 - test/test_cbac_privilege.rb
 - test/test_cbac_privilege_set.rb
+- test/test_cbac_authorize_generic_roles.rb