cbac 0.3.1 → 0.5.1

Files changed (35) hide show
  1. data/Manifest +60 -44
  2. data/Rakefile +2 -2
  3. data/cbac.gemspec +31 -31
  4. data/generators/cbac/cbac_generator.rb +27 -6
  5. data/generators/cbac/templates/config/cbac.pristine +2 -0
  6. data/generators/cbac/templates/controllers/permissions_controller.rb +21 -2
  7. data/generators/cbac/templates/controllers/upgrade_controller.rb +24 -0
  8. data/generators/cbac/templates/fixtures/cbac_memberships.yml +1 -1
  9. data/generators/cbac/templates/migrate/create_cbac_from_scratch.rb +59 -0
  10. data/generators/cbac/templates/migrate/create_cbac_upgrade_path.rb +31 -0
  11. data/generators/cbac/templates/tasks/cbac.rake +345 -0
  12. data/generators/cbac/templates/views/layouts/cbac.html.erb +2 -1
  13. data/generators/cbac/templates/views/memberships/index.html.erb +1 -1
  14. data/generators/cbac/templates/views/permissions/index.html.erb +14 -6
  15. data/generators/cbac/templates/views/upgrade/index.html.erb +32 -0
  16. data/lib/cbac.rb +23 -12
  17. data/lib/cbac/cbac_pristine/pristine.rb +133 -0
  18. data/lib/cbac/cbac_pristine/pristine_file.rb +158 -0
  19. data/lib/cbac/cbac_pristine/pristine_permission.rb +194 -0
  20. data/lib/cbac/cbac_pristine/pristine_role.rb +42 -0
  21. data/lib/cbac/known_permission.rb +14 -0
  22. data/lib/cbac/permission.rb +1 -1
  23. data/lib/cbac/privilege.rb +44 -0
  24. data/lib/cbac/privilege_set.rb +5 -4
  25. data/lib/cbac/privilege_set_record.rb +3 -1
  26. data/spec/cbac_pristine_file_spec.rb +329 -0
  27. data/spec/cbac_pristine_permission_spec.rb +358 -0
  28. data/spec/cbac_pristine_role_spec.rb +85 -0
  29. data/spec/rcov.opts +2 -0
  30. data/spec/spec.opts +4 -0
  31. data/spec/spec_helper.rb +12 -0
  32. data/tasks/cbac.rake +345 -19
  33. data/test/test_cbac_privilege.rb +54 -0
  34. metadata +43 -9
  35. data/generators/cbac/templates/migrate/create_cbac.rb +0 -40
@@ -0,0 +1,12 @@
1
+ ENV["RAILS_ENV"] ||= 'test'
2
+
3
+ require 'spec/autorun'
4
+ require 'spec/rails'
5
+
6
+ Spec::Runner.configure do |config|
7
+ # If you're not using ActiveRecord you should remove these
8
+ # lines, delete config/database.yml and disable :active_record
9
+ # in your config/boot.rb
10
+ config.use_transactional_fixtures = true
11
+ config.use_instantiated_fixtures = false
12
+ end
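--- a/data/tasks/cbac.rake
+++ b/data/tasks/cbac.rake
@@ -1,19 +1,345 @@
- # This rakefile contains the rake tasks for CBAC
- #
- # CBAC is context based access control. It enables an application to
- #
- #
- # cbac:setup
- # cbac:check
- #
- # 2009-11-27 Bert Meerman First version
- #
- namespace :cbac do
- namespace :check do
- desc "Checks all the available controller methods for missing privileges"
- task :mapping do
- load_controller_methods
- puts "lala"
- end
- end
- end
+ #TODO: zip (or something) the directory resulting from a snapshot and delete it
+ #TODO: unzip (or something) the provided snapshot and load from it, then delete temp dir
+ #TODO: add staging area to extracted snapshot, inserted snapshot, clearing code, etc.
+
+ #TODO: add comments to pristine lines, in a Comment() style
+
+ # WARNING: Non-changes are not saved as known_permissions when using pristine or such. THIS IS NOT A BUG! Think of the following scenario:
+ # 1) Developers grant permission X
+ # 2) User deploys. Permission X is granted in the database.
+ # 3) User revokes permission X
+ # 4) Developers revoke permission X
+ # 5) User upgrades. No change in permission X detected, (since devteam and user agree) so the user is not prompted to accept the change.
+ # 6) User grants permission X again
+ # 7) User upgrades again. At this point, we want the user to be warned that the devteam thinks granting this permission is not a good idea.
+ # This is only possible if the non-change in #5 is not registered as KnownChange
+
+ # Get a privilege set that fulfills the provided conditions
+ def get_privilege_set(conditions)
+ Cbac::PrivilegeSetRecord.first(:conditions => conditions)
+ end
+
+ # Get a Hash containing all entries from the provided table
+ def select_all(table)
+ ActiveRecord::Base.connection.select_all("SELECT * FROM %s;" % table)
+ end
+
+ # Generate a usable filename for dumping records of the specified type
+ def get_filename(type)
+ "#{ENV['SNAPSHOT_NAME']}/cbac_#{type}.yml"
+ end
+
+ def load_objects_from_yaml(type)
+ filename = get_filename(type)
+
+ Yaml.load_file(filename)
+ end
+
+ # Dump the specified permissions to a YAML file
+ def dump_permissions_to_yaml_file(permissions)
+ permissions.each do |cp|
+ privilege_set_name = get_privilege_set(:id => cp['privilege_set_id']).name
+ cp['privilege_set_id'] = "<%= Cbac::PrivilegeSetRecord.find(:first, :conditions => {:name => '#{privilege_set_name}'}).id %>"
+ end
+ dump_objects_to_yaml_file(permissions, "permissions")
+ end
+
+ # Dump a set of objects to a YAML file. Filename is determined by type-string
+ def dump_objects_to_yaml_file(objects, type)
+ filename = get_filename(type)
+
+ puts "Writing #{type} to disk"
+
+ File.open(filename, "w") do |output_file|
+ index = "0000"
+ output_file.write objects.inject({}) { |hash, record|
+ hash["#{type.singularize}_#{index.succ!}"] = record
+ hash
+ }.to_yaml
+ end
+ end
+
+ def get_cbac_pristine_adapter
+ adapter_class = Class.new
+ adapter_class.send :include, Cbac::CbacPristine
+ adapter_class.new
+ end
+
+ namespace :cbac do
+ desc 'Initialize CBAC tables with bootstrap data. Allows ADMINUSER to log in and visit CBAC administration pages. Also, if a Privilege Set called "login" exists, this privilege is granted to "everyone"'
+ task :bootstrap => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ adapter.clear_cbac_tables
+ else
+ puts "CBAC bootstrap failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ adminuser = ENV['ADMINUSER'] || 1
+ login_privilege_set = get_privilege_set(:name => "login")
+ everybody_context_role = ContextRole.roles[:everybody]
+ if !login_privilege_set.nil? and !everybody_context_role.nil?
+ puts "Login privilege exists. Allowing context role 'everybody' to use login privilege"
+ login_permission = Cbac::Permission.new(:context_role => 'everybody', :privilege_set_id => login_privilege_set.id)
+ throw "Failed to save Login Permission" unless login_permission.save
+ end
+
+ puts "Creating Generic Role: administrators"
+ admin_role = Cbac::GenericRole.new(:name => "administrators", :remarks => "System administrators - may edit CBAC permissions")
+ throw "Failed to save new Generic Role" unless admin_role.save
+
+ puts "Creating Administrator Membership for user #{adminuser}"
+ membership = Cbac::Membership.new(:user_id => adminuser, :generic_role_id => admin_role.id)
+ throw "Failed to save new Administrator Membership" unless membership.save
+
+ begin
+ admin_privilege_set_id = get_privilege_set({:name => 'cbac_administration'}).id
+ rescue
+ throw "No PrivilegeSet cbac_administration defined. Aborting."
+ end
+ cbac_admin_permission = Cbac::Permission.new(:generic_role_id => admin_role.id, :privilege_set_id => admin_privilege_set_id)
+ throw "Failed to save Cbac_Administration Permission" unless cbac_admin_permission.save
+
+ puts <<EOF
+ **********************************************************
+ * Succesfully bootstrapped CBAC. The specified user (# #{adminuser} ) *
+ * may now visit the cbac administration pages, which are *
+ * located at the URL /cbac/permissions/index by default *
+ **********************************************************
+ EOF
+ end
+
+ desc 'Extract a snapshot of the current authorization settings, which can later be restored using the restore_snapshot task. Parameter SNAPSHOT_NAME determines where the snapshot is stored'
+ task :extract_snapshot => :environment do
+ if ENV['SNAPSHOT_NAME'].nil?
+ puts "Missing argument SNAPSHOT_NAME. Substituting timestamp for SNAPSHOT_NAME"
+ require 'date'
+ ENV['SNAPSHOT_NAME'] = DateTime.now.strftime("%Y%m%d%H%M%S")
+ end
+
+ if File::exists?(ENV['SNAPSHOT_NAME']) # Directory already exists!
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified - overwriting older snapshot with same name."
+ else
+ puts "A snapshot with the given name (#{ENV['SNAPSHOT_NAME']}) already exists, and overwriting is dangerous. Specify FORCE=true to override this check"
+ exit
+ end
+ else # Directory does not exist yet
+ FileUtils.mkdir(ENV['SNAPSHOT_NAME'])
+ end
+
+ puts "Extracting CBAC permissions to #{ENV['SNAPSHOT_NAME']}"
+
+ # Don't need privilege sets since they are loaded from a config file.
+ staged_changes = select_all "cbac_staged_permissions"
+ dump_objects_to_yaml_file(staged_changes, "staged_permissions")
+
+ staged_roles = select_all "cbac_staged_roles"
+ dump_objects_to_yaml_file(staged_roles, "staged_roles")
+
+ permissions = select_all "cbac_permissions"
+ dump_permissions_to_yaml_file(permissions)
+
+ generic_roles = select_all "cbac_generic_roles"
+ dump_objects_to_yaml_file(generic_roles, "generic_roles")
+
+ memberships = select_all "cbac_memberships"
+ dump_objects_to_yaml_file(memberships, "memberships")
+
+ known_permissions = select_all "cbac_known_permissions"
+ dump_objects_to_yaml_file(known_permissions, "known_permissions")
+ end
+
+ desc 'Restore a snapshot of authorization settings that was extracted earlier. Specify a snapshot using SNAPSHOT_NAME'
+ task :restore_snapshot => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SNAPSHOT_NAME'].nil?
+ puts "Missing required parameter SNAPSHOT_NAME. Exiting."
+ exit
+ elsif adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ adapter.clear_cbac_tables
+ else
+ puts "Reloading snapshot failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ puts "Restoring snapshot #{ENV['SNAPSHOT_NAME']}"
+
+ ENV['FIXTURES_PATH'] = ENV['SNAPSHOT_NAME']
+
+ # Don't need privilege sets since they are loaded from a config file.
+ ENV['FIXTURES'] = "cbac_generic_roles,cbac_memberships,cbac_known_permissions,cbac_permissions,cbac_staged_permissions, cbac_staged_roles"
+
+ Rake::Task["db:fixtures:load"].invoke
+ puts "Successfully restored snapshot."
+ #TODO: check if rake task was successful. else
+ # puts "Restoring snapshot failed."
+ #end
+ end
+
+ desc 'Restore permissions to factory settings by loading the pristine file into the database'
+ task :pristine => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ puts "Parsing pristine file #{filename}"
+ pristine_file = adapter.create_pristine_file(filename)
+ adapter.set_pristine_state([pristine_file], true)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+ puts "Task cbac:pristine finished."
+ end
+
+ desc 'Restore generic permissions to factory settings'
+ task :pristine_generic => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified. Dropping all generic permissions and replacing them with generic pristine"
+ adapter.delete_generic_known_permissions
+ adapter.delete_generic_permissions
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename}"
+ pristine_file = adapter.create_generic_pristine_file(filename)
+ adapter.set_pristine_state([pristine_file], false)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions."
+ puts "Task cbac:pristine_generic finished."
+ end
+
+ desc 'Restore all permissions to factory state. Uses the pristine file and the generic pristine file'
+ task :pristine_all => :environment do
+ adapter = get_cbac_pristine_adapter
+ if adapter.database_contains_cbac_data?
+ if ENV['FORCE'] == "true"
+ puts "FORCE specified: emptying CBAC tables"
+ else
+ puts "CBAC pristine failed: CBAC tables are nonempty. Specify FORCE=true to override this check and empty the tables"
+ exit
+ end
+ end
+
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+ pristine_file = adapter.create_pristine_file(filename)
+ generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+ adapter.set_pristine_state([pristine_file, generic_pristine_file], true)
+ puts "Applied #{pristine_file.permissions.length.to_s} permissions and #{generic_pristine_file.permissions.length.to_s} generic permissions."
+ puts "Task cbac:pristine_all finished."
+ end
+
+ desc 'Upgrade permissions by adding them to the staging area. Does not upgrade generic permissions'
+ task :upgrade_pristine => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ puts "Parsing pristine file #{filename}"
+
+ pristine_file = adapter.create_pristine_file(filename)
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all staged context and administrator permissions"
+
+ adapter.stage_permissions([pristine_file])
+ puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions."
+ puts "Task cbac:upgrade_pristine finished."
+ end
+
+
+ desc 'Upgrade generic permissions by adding them to the staging area. Does not upgrade context or admin permissions.'
+ task :upgrade_pristine_generic => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+
+ puts "Parsing pristine file #{generic_filename}"
+ generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all staged generic permissions"
+
+ adapter.stage_permissions([generic_pristine_file])
+ puts "Staged #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+ puts "Task cbac:upgrade_pristine finished."
+ end
+
+ desc 'Upgrade all permissions by adding them to the staging area.'
+ task :upgrade_all => :environment do
+ adapter = get_cbac_pristine_adapter
+ if ENV['SKIP_SNAPSHOT'] == 'true'
+ puts "\nSKIP_SNAPSHOT provided - not dumping database."
+ else
+ puts "\nDumping a snapshot of the database"
+ Rake::Task["cbac:extract_snapshot"].invoke
+ end
+
+ ENV['CHANGE_TYPE'] = 'context'
+ filename = ENV['PRISTINE_FILE'] || "config/cbac/cbac.pristine"
+ generic_filename = ENV['GENERIC_PRISTINE_FILE'] || "config/cbac/cbac_generic.pristine"
+ puts "Parsing pristine file #{filename} and generic pristine file #{generic_filename}"
+
+ pristine_file = adapter.create_pristine_file(filename)
+ generic_pristine_file = adapter.create_generic_pristine_file(generic_filename)
+
+ adapter.delete_generic_staged_permissions
+ adapter.delete_non_generic_staged_permissions
+ puts "Deleted all current staged permissions"
+
+
+ adapter.stage_permissions([pristine_file, generic_pristine_file])
+ puts "Staged #{adapter.number_of_non_generic_staged_permissions.to_s} permissions and #{adapter.number_of_generic_staged_permissions.to_s} generic permissions."
+ puts "Task cbac:upgrade_all finished."
+ end
+ end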
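Review bot: `dump_permissions_to_yaml_file` interpolates `privilege_set_name` unescaped into a single-quoted Ruby literal inside an ERB tag, and `restore_snapshot` later hands those files to `db:fixtures:load`, which evaluates the ERB; a name containing `'` or `%>` would then be executed as Ruby on restore rather than looked up. The names appear to come from a config file, so they are probably developer-controlled, but the snapshot directory is executable input either way and should only be restored from a trusted location. I would reject unexpected names before writing, e.g. `raise "Unsafe privilege set name: #{privilege_set_name.inspect}" unless privilege_set_name =~ /\A\w+\z/`, and handle a nil result from `get_privilege_set` on the line above it. Separately, `upgrade_pristine_generic` calls `adapter.delete_non_generic_staged_permissions` while printing "Deleted all staged generic permissions", which looks like it should be `adapter.delete_generic_staged_permissions`.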
@@ -9,6 +9,7 @@ class CbacPrivilegeTest < ActiveSupport::TestCase
9
9
  # methods
10
10
  def setup
11
11
  PrivilegeSet.add :cbac_privilege, "" unless PrivilegeSet.sets.include?(:cbac_privilege)
12
+ PrivilegeSet.add :base_inheritence_privilege, "" unless PrivilegeSet.sets.include?(:base_inheritence_privilege)
12
13
  end
13
14
 
14
15
  # Test adding get and post resources It is possible to add a resource using
@@ -28,6 +29,59 @@ class CbacPrivilegeTest < ActiveSupport::TestCase
28
29
  end
29
30
  end
30
31
 
32
+ # Test the include method for single inheritence
33
+ def test_single_inheritence
34
+ Privilege.resource :base_inheritence_privilege, "single/inheritence"
35
+ Privilege.resource :base_inheritence_privilege, "single/inheritence/post", :post
36
+ PrivilegeSet.add :cbac_single_inheritence, "PrivilegeSet for single inheritence test"
37
+ Privilege.include :cbac_single_inheritence, :base_inheritence_privilege
38
+ result = Privilege.select("single/inheritence", :get)
39
+ assert_equal true, result.any? {|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
40
+ assert_equal true, result.any? {|set| set.name == "cbac_single_inheritence"}, "Single inheritence failure"
41
+ result = Privilege.select("single/inheritence/post", :post)
42
+ assert_equal true, result.any? {|set| set.name == "cbac_single_inheritence"}, "Single inheritence failure with POST method"
43
+ end
44
+
45
+ # Test the include method for multiple inheritence
46
+ def test_multiple_inheritence
47
+ Privilege.resource :base_inheritence_privilege, "multiple/inheritence"
48
+ PrivilegeSet.add :base_multiple_inheritence, "parent/ base PrivilegeSet for multiple inheritence test"
49
+ PrivilegeSet.add :cbac_multiple_inheritence, "child PrivilegeSet for multiple inheritence test"
50
+ Privilege.resource :base_multiple_inheritence, "multiple/inheritence_again"
51
+ Privilege.include :cbac_multiple_inheritence, [:base_inheritence_privilege, :base_multiple_inheritence]
52
+ result = Privilege.select("multiple/inheritence", :get)
53
+ assert_equal true, result.any? {|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
54
+ assert_equal true, result.any? {|set| set.name == "cbac_multiple_inheritence"}, "Multiple inheritence failure"
55
+ result = Privilege.select("multiple/inheritence_again", :get)
56
+ assert_equal true, result.any? {|set| set.name == "cbac_multiple_inheritence"}, "Multiple inheritence failure"
57
+ end
58
+
59
+ # Inheritence must be applied if a resource is added after an inheritence call
60
+ def test_inherit_resource_after_declaration
61
+ PrivilegeSet.add :cbac_inheritence_after_declaration, "PrivilegeSet for single inheritence test"
62
+ # First, we setup the inheritence relation
63
+ Privilege.include :cbac_inheritence_after_declaration, :base_inheritence_privilege
64
+ # Then, we setup the resource connection
65
+ Privilege.resource :base_inheritence_privilege, "inheritence/after/declaration"
66
+ Privilege.resource :base_inheritence_privilege, "inheritence/after/declaration/post", :post
67
+ # Test
68
+ result = Privilege.select("inheritence/after/declaration", :get)
69
+ assert_equal true, result.any?{|set| set.name == "base_inheritence_privilege"}, "Could not find PrivilegeSet (hint: error probably belongs to other test)"
70
+ assert_equal true, result.any?{|set| set.name == "cbac_inheritence_after_declaration"}, "Resource declaration after inheritence call failed"
71
+ result = Privilege.select("inheritence/after/declaration/post", :post)
72
+ assert_equal true, result.any?{|set| set.name == "cbac_inheritence_after_declaration"}, "Resource declaration after inheritence call failed with POST method"
73
+ end
74
+
75
+ # If the inheritence functionality is used with invalid privilege_sets, an ArgumentException must be thrown
76
+ def test_inheritence_with_invalid_privilege_sets
77
+ assert_raise(ArgumentError) do
78
+ Privilege.include :cbac_privilege, :invalid_privilege_set
79
+ end
80
+ assert_raise(ArgumentError) do
81
+ Privilege.include :invalid_privilege_set, :cbac_privilege
82
+ end
83
+ end
84
+
31
85
  # If an invalid action is specified, the method must raise an ArgumentError
32
86
  # exception.
33
87
  def test_add_incorrect_action
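Review bot: The new inheritance tests only assert that the including set gains the included set's resources; none of them checks that access does not flow the other way, which is the failure that matters most in an authorization library. In `test_single_inheritence` I would add a resource to the child only, `Privilege.resource :cbac_single_inheritence, "single/child_only"`, and then `assert_equal false, Privilege.select("single/child_only", :get).any? {|set| set.name == "base_inheritence_privilege"}, "Inheritence leaked to the included set"`. The tests also register sets and resources in what looks like process-wide state with no teardown, so they may depend on run order; the "error probably belongs to other test" hints suggest this is already known.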
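--- a/metadata
+++ b/metadata
@@ -1,7 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: cbac
  version: !ruby/object:Gem::Version
- version: 0.3.1
+ hash: 9
+ prerelease: false
+ segments:
+ - 0
+ - 5
+ - 1
+ version: 0.5.1
  platform: ruby
  authors:
  - Bert Meerman
@@ -9,12 +15,12 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-02-05 00:00:00 +01:00
+ date: 2010-07-15 00:00:00 +02:00
  default_executable:
  dependencies: []
 
  description: Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.
- email: b.meerman@ogd.nl
+ email: bertm@rubyforge.org
  executables: []
 
  extensions: []
@@ -22,9 +28,14 @@ extensions: []
  extra_rdoc_files:
  - README.rdoc
  - lib/cbac.rb
+ - lib/cbac/cbac_pristine/pristine.rb
+ - lib/cbac/cbac_pristine/pristine_file.rb
+ - lib/cbac/cbac_pristine/pristine_permission.rb
+ - lib/cbac/cbac_pristine/pristine_role.rb
  - lib/cbac/config.rb
  - lib/cbac/context_role.rb
  - lib/cbac/generic_role.rb
+ - lib/cbac/known_permission.rb
  - lib/cbac/membership.rb
  - lib/cbac/permission.rb
  - lib/cbac/privilege.rb
@@ -39,16 +50,20 @@ files:
  - cbac.gemspec
  - generators/cbac/USAGE
  - generators/cbac/cbac_generator.rb
+ - generators/cbac/templates/config/cbac.pristine
  - generators/cbac/templates/config/context_roles.rb
  - generators/cbac/templates/config/privileges.rb
  - generators/cbac/templates/controllers/generic_roles_controller.rb
  - generators/cbac/templates/controllers/memberships_controller.rb
  - generators/cbac/templates/controllers/permissions_controller.rb
+ - generators/cbac/templates/controllers/upgrade_controller.rb
  - generators/cbac/templates/fixtures/cbac_generic_roles.yml
  - generators/cbac/templates/fixtures/cbac_memberships.yml
  - generators/cbac/templates/fixtures/cbac_permissions.yml
- - generators/cbac/templates/migrate/create_cbac.rb
+ - generators/cbac/templates/migrate/create_cbac_from_scratch.rb
+ - generators/cbac/templates/migrate/create_cbac_upgrade_path.rb
  - generators/cbac/templates/stylesheets/cbac.css
+ - generators/cbac/templates/tasks/cbac.rake
  - generators/cbac/templates/views/generic_roles/index.html.erb
  - generators/cbac/templates/views/layouts/cbac.html.erb
  - generators/cbac/templates/views/memberships/_update.html.erb
@@ -56,17 +71,29 @@ files:
  - generators/cbac/templates/views/permissions/_update_context_role.html.erb
  - generators/cbac/templates/views/permissions/_update_generic_role.html.erb
  - generators/cbac/templates/views/permissions/index.html.erb
+ - generators/cbac/templates/views/upgrade/index.html.erb
  - init.rb
  - lib/cbac.rb
+ - lib/cbac/cbac_pristine/pristine.rb
+ - lib/cbac/cbac_pristine/pristine_file.rb
+ - lib/cbac/cbac_pristine/pristine_permission.rb
+ - lib/cbac/cbac_pristine/pristine_role.rb
  - lib/cbac/config.rb
  - lib/cbac/context_role.rb
  - lib/cbac/generic_role.rb
+ - lib/cbac/known_permission.rb
  - lib/cbac/membership.rb
  - lib/cbac/permission.rb
  - lib/cbac/privilege.rb
  - lib/cbac/privilege_set.rb
  - lib/cbac/privilege_set_record.rb
  - lib/cbac/setup.rb
+ - spec/cbac_pristine_file_spec.rb
+ - spec/cbac_pristine_permission_spec.rb
+ - spec/cbac_pristine_role_spec.rb
+ - spec/rcov.opts
+ - spec/spec.opts
+ - spec/spec_helper.rb
  - tasks/cbac.rake
  - test/fixtures/cbac_generic_roles.yml
  - test/fixtures/cbac_memberships.yml
@@ -92,27 +119,34 @@ rdoc_options:
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 3
+ segments:
+ - 0
  version: "0"
- version:
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
+ hash: 11
+ segments:
+ - 1
+ - 2
  version: "1.2"
- version:
  requirements: []
 
  rubyforge_project: cbac
- rubygems_version: 1.3.5
+ rubygems_version: 1.3.7
  signing_key:
  specification_version: 3
  summary: CBAC - Simple authorization system for Rails applications.
  test_files:
- - test/test_cbac_authorize_context_roles.rb
- - test/test_cbac_authorize_generic_roles.rb
  - test/test_cbac_context_role.rb
+ - test/test_cbac_authorize_context_roles.rb
  - test/test_cbac_privilege.rb
  - test/test_cbac_privilege_set.rb
+ - test/test_cbac_authorize_generic_roles.rb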