cbac 0.3.1

data/Manifest

@@ -0,0 +1,44 @@
+Manifest
+README.rdoc
+Rakefile
+cbac.gemspec
+generators/cbac/USAGE
+generators/cbac/cbac_generator.rb
+generators/cbac/templates/config/context_roles.rb
+generators/cbac/templates/config/privileges.rb
+generators/cbac/templates/controllers/generic_roles_controller.rb
+generators/cbac/templates/controllers/memberships_controller.rb
+generators/cbac/templates/controllers/permissions_controller.rb
+generators/cbac/templates/fixtures/cbac_generic_roles.yml
+generators/cbac/templates/fixtures/cbac_memberships.yml
+generators/cbac/templates/fixtures/cbac_permissions.yml
+generators/cbac/templates/migrate/create_cbac.rb
+generators/cbac/templates/stylesheets/cbac.css
+generators/cbac/templates/views/generic_roles/index.html.erb
+generators/cbac/templates/views/layouts/cbac.html.erb
+generators/cbac/templates/views/memberships/_update.html.erb
+generators/cbac/templates/views/memberships/index.html.erb
+generators/cbac/templates/views/permissions/_update_context_role.html.erb
+generators/cbac/templates/views/permissions/_update_generic_role.html.erb
+generators/cbac/templates/views/permissions/index.html.erb
+init.rb
+lib/cbac.rb
+lib/cbac/config.rb
+lib/cbac/context_role.rb
+lib/cbac/generic_role.rb
+lib/cbac/membership.rb
+lib/cbac/permission.rb
+lib/cbac/privilege.rb
+lib/cbac/privilege_set.rb
+lib/cbac/privilege_set_record.rb
+lib/cbac/setup.rb
+tasks/cbac.rake
+test/fixtures/cbac_generic_roles.yml
+test/fixtures/cbac_memberships.yml
+test/fixtures/cbac_permissions.yml
+test/fixtures/cbac_privilege_set.yml
+test/test_cbac_authorize_context_roles.rb
+test/test_cbac_authorize_generic_roles.rb
+test/test_cbac_context_role.rb
+test/test_cbac_privilege.rb
+test/test_cbac_privilege_set.rb

data/README.rdoc

@@ -0,0 +1,48 @@
+= Context Based Access Control
+
+== DESCRIPTION:
+Easy to use, light-weight authorization system for Rails applications.
+
+
+== FEATURES:
+- Authorize users via roles/ groups
+- Authorize users via the context of their request
+
+== SYNOPSIS:
+Context Based Access Control allows you to build a Rails application with
+both generic roles as well as context roles. The generic role part allows
+an application to authorize users with a conventional role system. The context
+part allows an application to authorize with a combination of the user
+credentials and the context of the requested action.
+
+== REQUIREMENTS:
+
+== INSTALL:
+The gem can be installed using the 'gem' command.
+gem install cbac
+
+To use the gem, see the documentation at cbac.rubyforge.org.
+== LICENSE:
+
+(The MIT License)
+
+Copyright (c) 2009 Bert Meerman
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/Rakefile

@@ -0,0 +1,36 @@
+# Rakefile
+require 'rubygems'
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+require 'echoe'
+
+desc 'Default: run unit tests.'
+task :default => :test
+
+desc 'Test CBAC plugin.'
+Rake::TestTask.new(:test) do |t|
+  t.libs << 'lib'
+  t.pattern = 'test/**/test_*.rb'
+  t.verbose = true
+end
+
+desc 'Generate documentation for CBAC plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title    = 'Cbac'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end
+
+Echoe.new('cbac', '0.3.1') do |p|
+  p.summary        = "CBAC - Simple authorization system for Rails applications."
+  p.description    = "Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication."
+  p.url            = "http://cbac.rubyforge.org"
+  p.author         = "Bert Meerman"
+  p.email          = "b.meerman@ogd.nl"
+  p.ignore_pattern = []
+  p.development_dependencies = []
+end
+

data/cbac.gemspec

@@ -0,0 +1,31 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{cbac}
+  s.version = "0.3.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Bert Meerman"]
+  s.date = %q{2010-02-05}
+  s.description = %q{Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.}
+  s.email = %q{b.meerman@ogd.nl}
+  s.extra_rdoc_files = ["README.rdoc", "lib/cbac.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "tasks/cbac.rake"]
+  s.files = ["Manifest", "README.rdoc", "Rakefile", "cbac.gemspec", "generators/cbac/USAGE", "generators/cbac/cbac_generator.rb", "generators/cbac/templates/config/context_roles.rb", "generators/cbac/templates/config/privileges.rb", "generators/cbac/templates/controllers/generic_roles_controller.rb", "generators/cbac/templates/controllers/memberships_controller.rb", "generators/cbac/templates/controllers/permissions_controller.rb", "generators/cbac/templates/fixtures/cbac_generic_roles.yml", "generators/cbac/templates/fixtures/cbac_memberships.yml", "generators/cbac/templates/fixtures/cbac_permissions.yml", "generators/cbac/templates/migrate/create_cbac.rb", "generators/cbac/templates/stylesheets/cbac.css", "generators/cbac/templates/views/generic_roles/index.html.erb", "generators/cbac/templates/views/layouts/cbac.html.erb", "generators/cbac/templates/views/memberships/_update.html.erb", "generators/cbac/templates/views/memberships/index.html.erb", "generators/cbac/templates/views/permissions/_update_context_role.html.erb", "generators/cbac/templates/views/permissions/_update_generic_role.html.erb", "generators/cbac/templates/views/permissions/index.html.erb", "init.rb", "lib/cbac.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "tasks/cbac.rake", "test/fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_memberships.yml", "test/fixtures/cbac_permissions.yml", "test/fixtures/cbac_privilege_set.yml", "test/test_cbac_authorize_context_roles.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb"]
+  s.homepage = %q{http://cbac.rubyforge.org}
+  s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Cbac", "--main", "README.rdoc"]
+  s.require_paths = ["lib"]
+  s.rubyforge_project = %q{cbac}
+  s.rubygems_version = %q{1.3.5}
+  s.summary = %q{CBAC - Simple authorization system for Rails applications.}
+  s.test_files = ["test/test_cbac_authorize_context_roles.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb"]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/generators/cbac/USAGE

@@ -0,0 +1,34 @@
+NAME
+     cbac - Generator scripts for the Context Based Access Control system
+
+SYNOPSIS
+     cbac
+     
+DESCRIPTION
+     This generator creates the basic setup for the CBAC system.
+
+     Included:
+      - config/privileges.rb
+      - config/context_roles.rb
+      - db/migrate/create_cbac.rb
+      - app/controllers/cbac/generic_roles_controller.rb
+      - app/controllers/cbac/memberships_controller.rb
+      - app/controllers/cbac/permissions_controller.rb
+      - app/views/layouts/cbac.html.erb
+      - app/views/cbac/generic_roles/index.html.erb
+      - app/views/cbac/memberships/index.html.erb
+      - app/views/cbac/memberships/_update.html.erb
+      - app/views/cbac/permissions/index.html.erb
+      - app/views/cbac/permissions/_update.html.erb
+      - public/stylesheets/cbac.css
+      - test/fixtures/cbac_permissions.yml
+      - test/fixtures/cbac_generic_roles.yml
+      - test/fixtures/cbac_memberships.yml
+
+            
+EXAMPLE
+      ./script/generate cbac
+
+MORE INFO
+	http://cbac.rubyforge.org/
+	

data/generators/cbac/cbac_generator.rb

@@ -0,0 +1,45 @@
+require 'rbconfig'
+
+class CbacGenerator < Rails::Generator::Base
+  def initialize(runtime_args, runtime_options = {})
+    super
+    #puts runtime_args
+    #raise "silently quiting"
+  end
+
+  def manifest
+    record do |m|
+      # developer files
+      m.file "config/privileges.rb", "config/privileges.rb", :collision => :skip
+      m.file "config/context_roles.rb", "config/context_roles.rb", :collision => :skip
+
+      # administration pages
+      m.directory "app/controllers/cbac"
+      m.file "controllers/permissions_controller.rb", "app/controllers/cbac/permissions_controller.rb"
+      m.file "controllers/generic_roles_controller.rb", "app/controllers/cbac/generic_roles_controller.rb"
+      m.file "controllers/memberships_controller.rb", "app/controllers/cbac/memberships_controller.rb"
+      m.directory "app/views/layouts"
+      m.file "views/layouts/cbac.html.erb", "app/views/layouts/cbac.html.erb"
+      m.directory "app/views/cbac"
+      m.directory "app/views/cbac/permissions"
+      m.directory "app/views/cbac/generic_roles"
+      m.directory "app/views/cbac/memberships"
+      m.file "views/permissions/index.html.erb", "app/views/cbac/permissions/index.html.erb"
+      m.file "views/permissions/_update_context_role.html.erb", "app/views/cbac/permissions/_update_context_role.html.erb"
+      m.file "views/permissions/_update_generic_role.html.erb", "app/views/cbac/permissions/_update_generic_role.html.erb"
+      m.file "views/generic_roles/index.html.erb", "app/views/cbac/generic_roles/index.html.erb"
+      m.file "views/memberships/index.html.erb", "app/views/cbac/memberships/index.html.erb"
+      m.file "views/memberships/_update.html.erb", "app/views/cbac/memberships/_update.html.erb"
+      m.directory "public/stylesheets"
+      m.file "stylesheets/cbac.css", "public/stylesheets/cbac.css"
+
+      # migrations
+      m.migration_template "migrate/create_cbac.rb", "db/migrate", {:migration_file_name => "create_cbac"}
+
+      # default fixtures
+      m.file "fixtures/cbac_permissions.yml", "test/fixtures/cbac_permissions.yml"
+      m.file "fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_generic_roles.yml"
+      m.file "fixtures/cbac_memberships.yml", "test/fixtures/cbac_memberships.yml"
+    end
+  end  
+end

data/generators/cbac/templates/config/context_roles.rb

@@ -0,0 +1,10 @@
+### context_roles.rb
+#
+# Defines the context roles for the CBAC system
+#
+include Cbac
+
+# Defining context roles
+ContextRole.add :everybody, 'true'
+ContextRole.add :not_logged_in_user, 'current_user.to_i == 0'
+ContextRole.add :logged_in_user, 'current_user.to_i > 0'

data/generators/cbac/templates/config/privileges.rb

@@ -0,0 +1,30 @@
+### Privileges.rb
+#
+# Defines the privilegesets and privileges for the CBAC system
+#
+include Cbac
+
+# Defining privilegesets
+PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
+
+# Defining privileges on controller methods (REST resources)
+Privilege.resource :cbac_administration, "cbac/permissions/index"
+Privilege.resource :cbac_administration, "cbac/permissions/create", :post
+Privilege.resource :cbac_administration, "cbac/memberships/index"
+Privilege.resource :cbac_administration, "cbac/memberships/create", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/index"
+Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
+
+# model attributes
+#Privilege.model_attribute :blog_update, :blog, :author, :write
+#privilege.model_attribute :blog_update, :blog, :author, :w
+#privilege.model_attribute :blog_update, :blog, :author, :rw
+# Models
+# Enforcing mode
+#Privilege.model :blog_read, :blog, :load
+#Privilege.model :blog_create, :blog, :save
+#Privilege.model :blog_update, :blog, :update
+#Privilege.model :blog_update, :blog, :delete
+

data/generators/cbac/templates/controllers/generic_roles_controller.rb

@@ -0,0 +1,30 @@
+class Cbac::GenericRolesController < ApplicationController
+  # The layout used for all CBAC pages
+  layout "cbac"
+
+  # GET /index
+  # GET /index.xml
+  def index
+  end
+
+  # POST /update
+  def update
+    @role = Cbac::GenericRole.find(params[:id])
+    @role.update_attributes(params[:cbac_generic_role])
+    redirect_to :action => "index"
+  end
+
+  # POST /create
+  def create
+    @role = Cbac::GenericRole.new(params[:cbac_generic_role])
+    @role.save
+    redirect_to :action => "index"
+  end
+
+  # POST /delete
+  def delete
+    @role = Cbac::GenericRole.find(params[:id])
+    @role.delete
+    redirect_to :action => "index"
+  end
+end

data/generators/cbac/templates/controllers/memberships_controller.rb

@@ -0,0 +1,22 @@
+class Cbac::MembershipsController < ApplicationController
+  # The layout used for all CBAC pages
+  layout "cbac"
+
+  # GET /index
+  # GET /index.xml
+  def index
+    @generic_roles = Cbac::GenericRole.find(:all)
+    @users = User.find(:all)
+  end
+
+  # POST /update
+  def update
+    Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", params[:generic_role_id], params[:user_id]]).each{|p|p.delete}
+    if params[:member].to_s == "1"
+      Cbac::Membership.create(:generic_role_id => params[:generic_role_id], :user_id => params[:user_id])
+    end
+    role = Cbac::GenericRole.find(params[:generic_role_id])
+    render :partial => "cbac/memberships/update.html", :locals => {:generic_role => role,
+      :user_id => params[:user_id], :update_partial => true}
+  end
+end

data/generators/cbac/templates/controllers/permissions_controller.rb

@@ -0,0 +1,42 @@
+class Cbac::PermissionsController < ApplicationController
+  # The layout used for all CBAC pages
+  layout "cbac"
+
+  # GET /index GET /index.xml
+  def index
+    @context_roles = ContextRole.roles.collect{|key, value| [key, value]}
+    @generic_roles = Cbac::GenericRole.find(:all)
+  end
+
+  def update
+    unless params[:context_role].nil?
+      update_context_role
+      return
+    end
+    unless params[:generic_role_id].nil?
+      update_generic_role
+    end
+  end
+
+  private
+
+  # POST /update
+  def update_context_role
+    Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", params[:context_role], params[:privilege_set_id]]).each{|p|p.delete}
+    if params[:permission].to_s == "1"
+      Cbac::Permission.create(:context_role => params[:context_role], :privilege_set_id => params[:privilege_set_id])
+    end
+    render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => params[:context_role],
+      :set_id => params[:privilege_set_id], :update_partial => true}
+  end
+
+  def update_generic_role
+    Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", params[:generic_role_id], params[:privilege_set_id]]).each{|p|p.delete}
+    if params[:permission].to_s == "1"
+      Cbac::Permission.create(:generic_role_id => params[:generic_role_id], :privilege_set_id => params[:privilege_set_id])
+    end
+    role = Cbac::GenericRole.find(params[:generic_role_id])
+    render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role =>role,
+      :set_id => params[:privilege_set_id], :update_partial => true}
+  end
+end

data/generators/cbac/templates/fixtures/cbac_generic_roles.yml

@@ -0,0 +1,9 @@
+###
+# Context 
+## YAML template for the generic roles
+
+one:
+    id: 1
+    name: administrators
+    remarks: Administrators role. Grants full access to the entire system.
+

data/generators/cbac/templates/fixtures/cbac_memberships.yml

@@ -0,0 +1,8 @@
+###
+# Context 
+## YAML template for the memberships
+
+# Making the first user member of the administrator group
+one:
+    user_id: 1
+    cbac_generic_role_id: 1

data/generators/cbac/templates/fixtures/cbac_permissions.yml

@@ -0,0 +1,8 @@
+###
+# Context 
+## YAML template for the permissions
+<% PrivilegeSet.sets.each do |set| %>
+fix_<%= set.id %>:
+    generic_role_id:  1
+    privilege_set_id: <%= set.id %>
+<% end %>

data/generators/cbac/templates/migrate/create_cbac.rb

@@ -0,0 +1,40 @@
+class CreateCbac < ActiveRecord::Migration
+  def self.up
+    create_table :cbac_permissions do |t|
+      t.integer :generic_role_id, :default => 0
+      t.string :context_role
+      t.integer :privilege_set_id
+      t.timestamps
+    end
+
+    create_table :cbac_generic_roles do |t|
+      t.string :name
+      t.text :remarks
+      t.timestamps
+    end
+
+    create_table :cbac_memberships do |t|
+      t.integer :user_id
+      t.integer :generic_role_id
+      t.timestamps
+    end
+
+    create_table :cbac_privilege_set do |t|
+      t.string :name
+      t.timestamps
+    end
+
+#    create_table :cbac_context_role do |t|
+#      t.string :name
+#      t.timestamps
+#    end
+  end
+
+  def self.down
+    drop_table :cbac_permissions
+    drop_table :cbac_generic_roles
+    drop_table :cbac_memberships
+    drop_table :cbac_privilege_set
+#    drop_table :cbac_context_role
+  end
+end