RubyGems - cbac - Versions diffs - 0.3.1 - Mend

cbac 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

data/Manifest +44 -0
data/README.rdoc +48 -0
data/Rakefile +36 -0
data/cbac.gemspec +31 -0
data/generators/cbac/USAGE +34 -0
data/generators/cbac/cbac_generator.rb +45 -0
data/generators/cbac/templates/config/context_roles.rb +10 -0
data/generators/cbac/templates/config/privileges.rb +30 -0
data/generators/cbac/templates/controllers/generic_roles_controller.rb +30 -0
data/generators/cbac/templates/controllers/memberships_controller.rb +22 -0
data/generators/cbac/templates/controllers/permissions_controller.rb +42 -0
data/generators/cbac/templates/fixtures/cbac_generic_roles.yml +9 -0
data/generators/cbac/templates/fixtures/cbac_memberships.yml +8 -0
data/generators/cbac/templates/fixtures/cbac_permissions.yml +8 -0
data/generators/cbac/templates/migrate/create_cbac.rb +40 -0
data/generators/cbac/templates/stylesheets/cbac.css +65 -0
data/generators/cbac/templates/views/generic_roles/index.html.erb +59 -0
data/generators/cbac/templates/views/layouts/cbac.html.erb +17 -0
data/generators/cbac/templates/views/memberships/_update.html.erb +12 -0
data/generators/cbac/templates/views/memberships/index.html.erb +22 -0
data/generators/cbac/templates/views/permissions/_update_context_role.html.erb +12 -0
data/generators/cbac/templates/views/permissions/_update_generic_role.html.erb +12 -0
data/generators/cbac/templates/views/permissions/index.html.erb +31 -0
data/init.rb +11 -0
data/lib/cbac.rb +104 -0
data/lib/cbac/config.rb +10 -0
data/lib/cbac/context_role.rb +27 -0
data/lib/cbac/generic_role.rb +6 -0
data/lib/cbac/membership.rb +4 -0
data/lib/cbac/permission.rb +6 -0
data/lib/cbac/privilege.rb +72 -0
data/lib/cbac/privilege_set.rb +28 -0
data/lib/cbac/privilege_set_record.rb +5 -0
data/lib/cbac/setup.rb +31 -0
data/tasks/cbac.rake +19 -0
data/test/fixtures/cbac_generic_roles.yml +9 -0
data/test/fixtures/cbac_memberships.yml +8 -0
data/test/fixtures/cbac_permissions.yml +15 -0
data/test/fixtures/cbac_privilege_set.yml +18 -0
data/test/test_cbac_authorize_context_roles.rb +43 -0
data/test/test_cbac_authorize_generic_roles.rb +37 -0
data/test/test_cbac_context_role.rb +51 -0
data/test/test_cbac_privilege.rb +99 -0
data/test/test_cbac_privilege_set.rb +52 -0
metadata +118 -0

data/lib/cbac/privilege_set.rb ADDED

@@ -0,0 +1,28 @@
+# Defines sets of privileges
+#
+# To create a new set: PrivilegeSet.add :set_name, "Some comment on what this
+# set does"
+#
+# To retrieve a privilegeset, use the sets attribute. This is a Hash containing
+# PrivilegeSetRecords. Usage: PrivilegeSet.sets(:set_name). If the PrivilegeSet
+# already exists, an ArgumentError is thrown stating the set was already
+# defined.
+class Cbac::PrivilegeSet
+  class << self
+    # Hash containing all the PrivilegeSetRecords
+    attr_reader :sets
+    # Create a new PrivilegeSet
+    def add(symbol, comment)
+      # initialize variables (if applicable)
+      @sets = Hash.new if @sets.nil?
+      # check for double creation
+      raise ArgumentError, "CBAC: PrivilegeSet was already defined: #{symbol.to_s}" if @sets.include?(symbol)
+      # Create record if privilegeset doesn't exist
+      Cbac::PrivilegeSetRecord.create(:name => symbol.to_s) if Cbac::PrivilegeSetRecord.find(:first, :conditions => ["name = ?", symbol.to_s]).nil?
+      record = Cbac::PrivilegeSetRecord.find(:first, :conditions => ["name = ?", symbol.to_s])
+      record.comment = comment
+      @sets[symbol] = record
+    end
+  end
+end

data/lib/cbac/privilege_set_record.rb ADDED

@@ -0,0 +1,5 @@
+class Cbac::PrivilegeSetRecord < ActiveRecord::Base
+  set_table_name "cbac_privilege_set"
+  attr_accessor :comment
+end

data/lib/cbac/setup.rb ADDED

@@ -0,0 +1,31 @@
+module Cbac
+  # Class performs various functions specific to the CBAC system itself. Most
+  # important function is to check if the system is initialized; without proper
+  # initialization, the bootstrapper will crash.
+  class Setup
+    class << self
+      # Check to see if the tables are correctly migrated. If the tables are not
+      # migrated, CBAC should terminate immediately.
+      def check_tables
+        return false unless Cbac::PrivilegeSetRecord.table_exists?
+        return false unless Cbac::GenericRole.table_exists?
+        return false unless Cbac::Membership.table_exists?
+        return false unless Cbac::Permission.table_exists?
+        true
+      end
+      # Checks if the system is properly setup. This method is used by the
+      # bootstrapper to see if the system should be initialized. If the system
+      # is not properly setup, the bootstrapper will crash. Checks are performed
+      # to see if all the tables exists.
+      def check
+        if check_tables == false
+          puts "CBAC: not properly initialized: one or more tables are missing. Did you install it correctly? (run generate)"
+          return false
+        end
+        true
+      end
+    end
+  end
+end

data/tasks/cbac.rake ADDED

@@ -0,0 +1,19 @@
+# This rakefile contains the rake tasks for CBAC
+#
+# CBAC is context based access control. It enables an application to
+#
+#
+# cbac:setup
+# cbac:check
+#
+# 2009-11-27  Bert Meerman        First version
+#
+namespace :cbac do
+  namespace :check do
+    desc "Checks all the available controller methods for missing privileges"
+    task :mapping do
+      load_controller_methods
+      puts "lala"
+    end
+  end
+end

data/test/fixtures/cbac_generic_roles.yml ADDED

@@ -0,0 +1,9 @@
+###
+# Context
+## YAML template for the generic roles
+one:
+  id: 1
+  name: administrators
+  remarks: Administrators role. Grants full access to the entire system.

data/test/fixtures/cbac_memberships.yml ADDED

@@ -0,0 +1,8 @@
+###
+# Context
+## YAML template for the memberships
+# Making the first user member of the administrator group
+one:
+    user_id: 1
+    generic_role_id: 1

data/test/fixtures/cbac_permissions.yml ADDED

@@ -0,0 +1,15 @@
+###
+# Context
+## YAML template for the permissions
+#role_id:   GenericRole.get_id :authorize_context_role
+# used by test_cbac_authorize_context_roles
+one:
+  context_role: authorize_context_role
+  privilege_set_id: 2
+# used by test_cbac_authorize_generic_roles
+two:
+  generic_role_id: 1
+  privilege_set_id: 3

data/test/fixtures/cbac_privilege_set.yml ADDED

@@ -0,0 +1,18 @@
+###
+# YAML template for the PrivilegeSets
+#
+# Privilegeset
+one:
+  id: 1
+  name: existing_privilege_set
+# Used by the test_cbac_authorize_context_roles
+two:
+  id: 2
+  name: cbac_context_role
+# Used by the test_cbac_authorize_generic_roles
+three:
+  id: 3
+  name: cbac_generic_role

data/test/test_cbac_authorize_context_roles.rb ADDED

@@ -0,0 +1,43 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
+require 'test/unit'
+require 'rubygems'
+# Dummy code for overriding the default current_user behavior
+module Cbac
+  def current_user
+    1
+  end
+end
+###
+# Tests the Cbac system for authorization with context roles
+#
+class CbacAuthorizeContextRolesTest <  ActiveSupport::TestCase
+  include Cbac
+  self.fixture_path = File.join(File.dirname(__FILE__), "fixtures")
+  fixtures :all
+  attr_accessor :authorize_context_eval_string
+  # Setup defines the PrivilegeSet that is being used by all PrivilegeTest methods
+  def setup
+    return if PrivilegeSet.sets.include?(:cbac_context_role)
+    PrivilegeSet.add :cbac_context_role, ""
+    Privilege.resource  :cbac_context_role, "authorize/context/roles", :get
+    ContextRole.add :authorize_context_role, "context.authorize_context_eval_string"
+  end
+  # Check to see if action is correctly authorized
+  def test_authorize_ok
+    self.authorize_context_eval_string = true
+    assert_equal true, authorization_check("authorize/context", "roles", :get, self)
+  end
+  # Run authorization with incorrect authorization
+  def test_authorize_incorrect_privilege
+    self.authorize_context_eval_string = false
+#    ContextRole.roles[:authorize_context_role] = "false"
+    assert_equal false, authorization_check("authorize/context", "roles", :get, self)
+#    ContextRole.roles[:authorize_context_role] = "true"
+  end
+end

data/test/test_cbac_authorize_generic_roles.rb ADDED

@@ -0,0 +1,37 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
+require 'test/unit'
+require 'rubygems'
+# Dummy code for overriding the default current_user behavior
+module Cbac
+  def current_user
+    1
+  end
+end
+###
+# Tests the Cbac system for authorization with generic roles
+#
+class CbacAuthorizeGenericRolesTest <  ActiveSupport::TestCase
+  self.fixture_path = File.join(File.dirname(__FILE__), "fixtures")
+  fixtures :all
+  # Setup defines the PrivilegeSet that is being used by all PrivilegeTest methods
+  def setup
+    return if PrivilegeSet.sets.include?(:cbac_generic_role)
+    PrivilegeSet.add :cbac_generic_role, ""
+    PrivilegeSet.add :cbac_generic_role_incorrect, ""
+    Privilege.resource  :cbac_generic_role, "authorize/generic/roles", :get
+    Privilege.resource  :cbac_generic_role_incorrect, "authorize/generic/roles_incorrect", :get
+  end
+  # Check to see if action is correctly authorized
+  def test_authorize_ok
+    assert_equal true, authorization_check("authorize/generic", "roles", :get)
+  end
+  # Run authorization with incorrect authorization
+  def test_authorize_incorrect_privilege
+    assert_equal false, authorization_check("authorize/generic", "roles_incorrect", :get)
+  end
+end

data/test/test_cbac_context_role.rb ADDED

@@ -0,0 +1,51 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
+require 'test/unit'
+require 'rubygems'
+# ### Tests the Cbac::ContextRole class
+#
+class CbacContextRoleTest <  ActiveSupport::TestCase
+  # Adds a new context role This test should add a new ContextRole and
+  # everything should be working.
+  def test_adding_new_context_role_by_string
+    eval_string = "true"
+    assert_difference("ContextRole.roles.length", 1, "Failed to add new ContextRole") do
+      ContextRole.add :test_adding_new_context_role_by_string, eval_string
+    end
+    assert_equal(true, ContextRole.roles.keys.include?(:test_adding_new_context_role_by_string), "ContextRole symbol not found.")
+    result = ContextRole.roles[:test_adding_new_context_role_by_string].call(nil)
+    assert_equal(true, result, "Incorrect eval string.")
+    eval_string = "false"
+    assert_difference("ContextRole.roles.length", 1, "Failed to add new ContextRole") do
+      ContextRole.add :test_adding_new_context_role_by_string2, eval_string
+    end
+    assert_equal(true, ContextRole.roles.keys.include?(:test_adding_new_context_role_by_string2), "ContextRole symbol not found.")
+    result = ContextRole.roles[:test_adding_new_context_role_by_string2].call(nil)
+    assert_equal(false, result, "Incorrect eval string.")
+  end
+  # Adds a new context role This test should add a new ContextRole and
+  # everything should be working.
+  def test_adding_new_context_role_by_block_statement
+    assert_difference("ContextRole.roles.length", 1, "Failed to add new ContextRole") do
+      ContextRole.add :test_adding_new_context_role_by_block_stmt do
+        @test = 2
+        true
+      end
+    end
+    assert_equal(true, ContextRole.roles.keys.include?(:test_adding_new_context_role_by_block_stmt), "ContextRole symbol not found.")
+    @test = 0
+    ContextRole.roles[:test_adding_new_context_role_by_block_stmt].call
+    assert_equal(2, @test, "Incorrect eval string.")
+  end
+  # When adding an already existing ContextRole, an ArgumentError should be
+  # raised. ContextRoles can only be declared once.
+  def test_adding_double_context_roles
+    ContextRole.add :test_adding_double_context_roles, ""
+    assert_raise(ArgumentError) do
+      ContextRole.add :test_adding_double_context_roles, ""
+    end
+  end
+end

data/test/test_cbac_privilege.rb ADDED

@@ -0,0 +1,99 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
+require 'test/unit'
+require 'rubygems'
+# ### Tests the Cbac::Privilege class
+#
+class CbacPrivilegeTest <  ActiveSupport::TestCase
+  # Setup defines the PrivilegeSet that is being used by all PrivilegeTest
+  # methods
+  def setup
+    PrivilegeSet.add :cbac_privilege, "" unless PrivilegeSet.sets.include?(:cbac_privilege)
+  end
+  # Test adding get and post resources It is possible to add a resource using
+  # different names for actions. This method also checks if these aliases are
+  # all operating well.
+  def test_add_resources
+    assert_difference("Privilege.get_resources.length", 4, "GET resource was not added.") do
+      Privilege.resource :cbac_privilege, "add/resources/get/1", :GET
+      Privilege.resource :cbac_privilege, "add/resources/get/2", :get
+      Privilege.resource :cbac_privilege, "add/resources/get/3", :g
+      Privilege.resource :cbac_privilege, "add/resources/get/4", :idempotent
+    end
+    assert_difference("Privilege.post_resources.length", 3, "POST resource was not added.") do
+      Privilege.resource :cbac_privilege, "add/resources/post/1", :POST
+      Privilege.resource :cbac_privilege, "add/resources/post/2", :post
+      Privilege.resource :cbac_privilege, "add/resources/post/3", :p
+    end
+  end
+  # If an invalid action is specified, the method must raise an ArgumentError
+  # exception.
+  def test_add_incorrect_action
+    assert_raise(ArgumentError) do
+      Privilege.resource :cbac_privilege, "add/incorrect/action", :error
+    end
+  end
+  # If a privilege is added to a non existing PrivilegeSet, an ArgumentError
+  # exception must occur.
+  def test_add_resource_to_invalid_privilege_set
+    assert_raise(ArgumentError) do
+      Privilege.resource :cbac_privilege_error, "add/resource/to/invalid/privilege/set", :get
+    end
+  end
+  # Test the Privilege.select method. This method accepts a controller method
+  # string and an action type It returns the privilegesets that comply with this
+  # combination The actions post, put and delete are identical. This test aims
+  # at testing this assumption.
+  def test_select_correct
+    Privilege.resource :cbac_privilege, "select/correct/get", :get
+    Privilege.resource :cbac_privilege, "select/correct/post", :post
+    Privilege.resource :cbac_privilege, "select/correct/put", :post
+    Privilege.resource :cbac_privilege, "select/correct/delete", :post
+    assert_equal 1, Privilege.select("select/correct/get", :get).length
+    [:post, :put, :delete].each do |action|
+      assert_equal 1, Privilege.select("select/correct/post", action).length
+      assert_equal 1, Privilege.select("select/correct/put", action).length
+      assert_equal 1, Privilege.select("select/correct/delete", action).length
+    end
+  end
+  def test_exception()
+    begin
+      yield
+    rescue Exception => e
+      return e.message
+    end
+    raise "No exception was thrown"
+  end
+  # test selecting an incorrect action type
+  def test_select_incorrect_action_types
+    controller_method = "select/incorrect/action/types/get"
+    Privilege.resource :cbac_privilege, controller_method, :get
+    Privilege.select(controller_method, :get)
+    assert_match(/Incorrect action_type/, test_exception { Privilege.select(controller_method, :error) })
+  end
+  # If a user asks for the wrong action_type (e.g. a request is made for 'get'
+  # but there are only 'post' privileges or vica versa) the system will throw an
+  # exception as expected, but the system will also hint at the possibility of
+  # messing up get and post.
+  def test_select_the_other_action_type
+    controller_method = "select/the/other/action/type/get"
+    Privilege.resource :cbac_privilege, controller_method, :get
+    assert_match(/PrivilegeSets only exist for other action/, test_exception { Privilege.select(controller_method, :post) })
+  end
+  # Trying to find privileges for a set that doesn't exist, should result in an
+  # exception
+  def test_select_could_not_find_any_privilegeset
+    controller_method = "select/could/not/find/any/privilegeset/get"
+    assert_raise(RuntimeError) do
+      Privilege.select(controller_method, :post)
+    end
+  end
+end

data/test/test_cbac_privilege_set.rb ADDED

@@ -0,0 +1,52 @@
+require File.expand_path(File.join(File.dirname(__FILE__), '../../../../test/test_helper'))
+require 'test/unit'
+require 'rubygems'
+###
+# Tests the Cbac::PrivilegeSet class
+#
+class CbacPrivilegeSetTest <  ActiveSupport::TestCase
+  self.fixture_path = File.join(File.dirname(__FILE__), "fixtures")
+  fixtures :all
+  # Adds a new privilege to the PrivilegeSet.
+  # This test should add a new privilege and everything should be working.
+  def test_adding_new_privilege_set
+    comment = "test_adding_new_privilege_set"
+    assert_difference("PrivilegeSet.sets.length", 1, "Adding test PrivilegeSet") do
+      PrivilegeSet.add :test_adding_new_privilege_set, comment
+    end
+    assert_equal(true, PrivilegeSet.sets.include?(:test_adding_new_privilege_set), "PrivilegeSet symbol not found.")
+    assert_equal(comment, PrivilegeSet.sets[:test_adding_new_privilege_set].comment, "Incorrect comment.")
+  end
+  # When adding an already existing PrivilegeSet, an ArgumentError should be raised.
+  # PrivilegeSets can only be declared once.
+  def test_adding_double_privilege_sets
+    PrivilegeSet.add :test_adding_double_privilege_sets, ""
+    assert_raise(ArgumentError) do
+      PrivilegeSet.add :test_adding_double_privilege_sets, ""
+    end
+  end
+  # This privilegeset is already in the database. The id
+  # should therefore be identical to the id specified in the fixture.
+  # Also, the number of records should not change.
+  def test_initializing_existing_privilege_set
+    assert_difference("PrivilegeSet.sets.length", 1, "Adding test PrivilegeSet") do
+      assert_difference("Cbac::PrivilegeSetRecord.find(:all).length", 0, "Record should have been added to table") do
+        PrivilegeSet.add :existing_privilege_set, "Something"
+      end
+    end
+  end
+  # This privilegeset does not yet exist. A new entry should be created
+  # in the database. Also, the id should not be zero.
+  def test_initializing_new_privilege_set
+    assert_difference("PrivilegeSet.sets.length", 1, "Adding test PrivilegeSet") do
+      assert_difference("Cbac::PrivilegeSetRecord.find(:all).length", 1, "Record should not be added to table - record already exists") do
+        PrivilegeSet.add :test_initializing_new_privilege_set, "Something"
+      end
+    end
+  end
+end

metadata ADDED

@@ -0,0 +1,118 @@
+--- !ruby/object:Gem::Specification
+name: cbac
+version: !ruby/object:Gem::Version
+  version: 0.3.1
+platform: ruby
+authors:
+- Bert Meerman
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2010-02-05 00:00:00 +01:00
+default_executable:
+dependencies: []
+description: Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication.
+email: b.meerman@ogd.nl
+executables: []
+extensions: []
+extra_rdoc_files:
+- README.rdoc
+- lib/cbac.rb
+- lib/cbac/config.rb
+- lib/cbac/context_role.rb
+- lib/cbac/generic_role.rb
+- lib/cbac/membership.rb
+- lib/cbac/permission.rb
+- lib/cbac/privilege.rb
+- lib/cbac/privilege_set.rb
+- lib/cbac/privilege_set_record.rb
+- lib/cbac/setup.rb
+- tasks/cbac.rake
+files:
+- Manifest
+- README.rdoc
+- Rakefile
+- cbac.gemspec
+- generators/cbac/USAGE
+- generators/cbac/cbac_generator.rb
+- generators/cbac/templates/config/context_roles.rb
+- generators/cbac/templates/config/privileges.rb
+- generators/cbac/templates/controllers/generic_roles_controller.rb
+- generators/cbac/templates/controllers/memberships_controller.rb
+- generators/cbac/templates/controllers/permissions_controller.rb
+- generators/cbac/templates/fixtures/cbac_generic_roles.yml
+- generators/cbac/templates/fixtures/cbac_memberships.yml
+- generators/cbac/templates/fixtures/cbac_permissions.yml
+- generators/cbac/templates/migrate/create_cbac.rb
+- generators/cbac/templates/stylesheets/cbac.css
+- generators/cbac/templates/views/generic_roles/index.html.erb
+- generators/cbac/templates/views/layouts/cbac.html.erb
+- generators/cbac/templates/views/memberships/_update.html.erb
+- generators/cbac/templates/views/memberships/index.html.erb
+- generators/cbac/templates/views/permissions/_update_context_role.html.erb
+- generators/cbac/templates/views/permissions/_update_generic_role.html.erb
+- generators/cbac/templates/views/permissions/index.html.erb
+- init.rb
+- lib/cbac.rb
+- lib/cbac/config.rb
+- lib/cbac/context_role.rb
+- lib/cbac/generic_role.rb
+- lib/cbac/membership.rb
+- lib/cbac/permission.rb
+- lib/cbac/privilege.rb
+- lib/cbac/privilege_set.rb
+- lib/cbac/privilege_set_record.rb
+- lib/cbac/setup.rb
+- tasks/cbac.rake
+- test/fixtures/cbac_generic_roles.yml
+- test/fixtures/cbac_memberships.yml
+- test/fixtures/cbac_permissions.yml
+- test/fixtures/cbac_privilege_set.yml
+- test/test_cbac_authorize_context_roles.rb
+- test/test_cbac_authorize_generic_roles.rb
+- test/test_cbac_context_role.rb
+- test/test_cbac_privilege.rb
+- test/test_cbac_privilege_set.rb
+has_rdoc: true
+homepage: http://cbac.rubyforge.org
+licenses: []
+post_install_message:
+rdoc_options:
+- --line-numbers
+- --inline-source
+- --title
+- Cbac
+- --main
+- README.rdoc
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "0"
+  version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: "1.2"
+  version:
+requirements: []
+rubyforge_project: cbac
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: CBAC - Simple authorization system for Rails applications.
+test_files:
+- test/test_cbac_authorize_context_roles.rb
+- test/test_cbac_authorize_generic_roles.rb
+- test/test_cbac_context_role.rb
+- test/test_cbac_privilege.rb
+- test/test_cbac_privilege_set.rb