cbac 0.5.4 → 0.6.0
Sign up to get free protection for your applications and to get access to all the features.
- data/Manifest +74 -65
- data/README.rdoc +51 -48
- data/Rakefile +39 -36
- data/cbac.gemspec +31 -31
- data/config/cbac/context_roles.rb +21 -0
- data/config/cbac/privileges.rb +50 -0
- data/context_roles.rb +21 -0
- data/init.rb +3 -11
- data/lib/cbac.rb +132 -114
- data/lib/cbac/cbac_pristine/pristine.rb +134 -134
- data/lib/cbac/cbac_pristine/pristine_file.rb +170 -170
- data/lib/cbac/cbac_pristine/pristine_permission.rb +193 -193
- data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
- data/lib/cbac/config.rb +9 -9
- data/lib/cbac/context_role.rb +27 -27
- data/lib/cbac/generic_role.rb +5 -5
- data/lib/cbac/known_permission.rb +14 -14
- data/lib/cbac/membership.rb +3 -3
- data/lib/cbac/permission.rb +5 -5
- data/lib/cbac/privilege.rb +117 -116
- data/lib/cbac/privilege_new_api.rb +56 -56
- data/lib/cbac/privilege_set.rb +29 -29
- data/lib/cbac/privilege_set_record.rb +6 -6
- data/lib/cbac/setup.rb +37 -30
- data/{generators → lib/generators}/cbac/USAGE +33 -33
- data/lib/generators/cbac/cbac_generator.rb +75 -0
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/config/cbac.pristine +2 -2
- data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -0
- data/lib/generators/cbac/copy_files/config/privileges.rb +25 -0
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/controllers/generic_roles_controller.rb +30 -30
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/controllers/memberships_controller.rb +22 -22
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/controllers/permissions_controller.rb +61 -61
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/controllers/upgrade_controller.rb +23 -23
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/fixtures/cbac_generic_roles.yml +9 -9
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/fixtures/cbac_memberships.yml +8 -8
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/fixtures/cbac_permissions.yml +8 -8
- data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +2 -0
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/migrate/create_cbac_from_scratch.rb +59 -59
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/migrate/create_cbac_upgrade_path.rb +31 -31
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/stylesheets/cbac.css +65 -65
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/tasks/cbac.rake +345 -345
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/generic_roles/index.html.erb +58 -58
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/layouts/cbac.html.erb +18 -18
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/memberships/_update.html.erb +11 -11
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/memberships/index.html.erb +23 -22
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/permissions/_update_context_role.html.erb +11 -11
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/permissions/_update_generic_role.html.erb +11 -11
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/permissions/index.html.erb +39 -39
- data/{generators/cbac/templates → lib/generators/cbac/copy_files}/views/upgrade/index.html.erb +31 -31
- data/nbproject/private/private.properties +3 -0
- data/nbproject/private/private.xml +4 -0
- data/nbproject/private/rake-d.txt +0 -0
- data/nbproject/project.properties +9 -0
- data/nbproject/project.xml +16 -0
- data/privileges.rb +50 -0
- data/rails/init.rb +1 -0
- data/spec/cbac_pristine_file_spec.rb +329 -329
- data/spec/cbac_pristine_permission_spec.rb +358 -358
- data/spec/cbac_pristine_role_spec.rb +85 -85
- data/spec/rcov.opts +1 -1
- data/spec/spec.opts +4 -4
- data/spec/spec_helper.rb +11 -11
- data/tasks/cbac.rake +345 -345
- data/test/db/test.sqlite3 +0 -0
- data/test/fixtures/cbac_generic_roles.yml +9 -9
- data/test/fixtures/cbac_memberships.yml +8 -8
- data/test/fixtures/cbac_permissions.yml +14 -14
- data/test/fixtures/cbac_privilege_set.yml +18 -18
- data/test/test_cbac_actions.rb +71 -70
- data/test/test_cbac_authorize_context_roles.rb +39 -40
- data/test/test_cbac_authorize_generic_roles.rb +36 -37
- data/test/test_cbac_context_role.rb +50 -51
- data/test/test_cbac_privilege.rb +151 -152
- data/test/test_cbac_privilege_set.rb +50 -51
- data/test/test_helper.rb +28 -0
- metadata +70 -38
- data/generators/cbac/cbac_generator.rb +0 -66
- data/generators/cbac/templates/config/context_roles.rb +0 -10
- data/generators/cbac/templates/config/privileges.rb +0 -30
- data/vendor/plugins/cbac/Manifest +0 -60
- data/vendor/plugins/cbac/cbac-0.5.3.gem +0 -0
- data/vendor/plugins/cbac/cbac.gemspec +0 -31
- data/vendor/plugins/cbac/pkg/cbac-0.5.3.gem +0 -0
@@ -1,56 +1,56 @@
|
|
1
|
-
# New API interface for CBAC system
|
2
|
-
#
|
3
|
-
# Changelog
|
4
|
-
# 101022 Bert Meerman Initial commit
|
5
|
-
#
|
6
|
-
|
7
|
-
module Cbac
|
8
|
-
# Starts a privileges and privilegeset declaration block
|
9
|
-
def
|
10
|
-
# Defines a new privilegeset
|
11
|
-
def set(name, description, &block)
|
12
|
-
|
13
|
-
# Adds a post declaration
|
14
|
-
def post(controller, *methods)
|
15
|
-
raise "Cannot add privilege without a set" unless @current_set_name
|
16
|
-
methods.each {|method|
|
17
|
-
Privilege.resource @current_set_name, controller.to_s + "/" + method.to_s, :post
|
18
|
-
}
|
19
|
-
end
|
20
|
-
|
21
|
-
# Adds a get declaration
|
22
|
-
def get(controller, *
|
23
|
-
raise "Cannot add privilege without a set" unless @current_set_name
|
24
|
-
methods.each {|method|
|
25
|
-
Privilege.resource @current_set_name, controller.to_s + "/" + method.to_s, :get
|
26
|
-
}
|
27
|
-
end
|
28
|
-
|
29
|
-
# Includes the stuff from another set
|
30
|
-
def includes(*set)
|
31
|
-
raise "includes is not yet supported"
|
32
|
-
end
|
33
|
-
|
34
|
-
raise "Cannot embed a set in another set" if @current_set
|
35
|
-
name = name.to_sym
|
36
|
-
description = description.to_str
|
37
|
-
PrivilegeSet.add(name, description)
|
38
|
-
@current_set = PrivilegeSet.sets[name]
|
39
|
-
@current_set_name = name
|
40
|
-
yield block
|
41
|
-
@current_set = nil
|
42
|
-
@current_set_name = nil
|
43
|
-
end
|
44
|
-
|
45
|
-
# Start an additional namespace declaration
|
46
|
-
def in_module (name, &block)
|
47
|
-
current_namespace = @cbac_namespace
|
48
|
-
@cbac_namespace = @cbac_namespace.to_s + name.to_s + "/"
|
49
|
-
yield block
|
50
|
-
@cbac_namespace = current_namespace
|
51
|
-
end
|
52
|
-
|
53
|
-
# Runs the block
|
54
|
-
yield block
|
55
|
-
end
|
56
|
-
end
|
1
|
+
# New API interface for CBAC system
|
2
|
+
#
|
3
|
+
# Changelog
|
4
|
+
# 101022 Bert Meerman Initial commit
|
5
|
+
#
|
6
|
+
|
7
|
+
module Cbac
|
8
|
+
# Starts a privileges and privilegeset declaration block
|
9
|
+
def cbac(&block)
|
10
|
+
# Defines a new privilegeset
|
11
|
+
def set(name, description, &block)
|
12
|
+
|
13
|
+
# Adds a post declaration
|
14
|
+
def post(controller, *methods)
|
15
|
+
raise "Cannot add privilege without a set" unless @current_set_name
|
16
|
+
methods.each {|method|
|
17
|
+
Privilege.resource @current_set_name, @cbac_namespace.to_s + controller.to_s + "/" + method.to_s, :post
|
18
|
+
}
|
19
|
+
end
|
20
|
+
|
21
|
+
# Adds a get declaration
|
22
|
+
def get(controller, *methods)
|
23
|
+
raise "Cannot add privilege without a set" unless @current_set_name
|
24
|
+
methods.each {|method|
|
25
|
+
Privilege.resource @current_set_name, @cbac_namespace.to_s + controller.to_s + "/" + method.to_s, :get
|
26
|
+
}
|
27
|
+
end
|
28
|
+
|
29
|
+
# Includes the stuff from another set
|
30
|
+
def includes(*set)
|
31
|
+
raise "includes is not yet supported"
|
32
|
+
end
|
33
|
+
|
34
|
+
raise "Cannot embed a set in another set" if @current_set
|
35
|
+
name = name.to_sym
|
36
|
+
description = description.to_str
|
37
|
+
PrivilegeSet.add(name, description)
|
38
|
+
@current_set = PrivilegeSet.sets[name]
|
39
|
+
@current_set_name = name
|
40
|
+
yield block
|
41
|
+
@current_set = nil
|
42
|
+
@current_set_name = nil
|
43
|
+
end
|
44
|
+
|
45
|
+
# Start an additional namespace declaration
|
46
|
+
def in_module (name, &block)
|
47
|
+
current_namespace = @cbac_namespace
|
48
|
+
@cbac_namespace = @cbac_namespace.to_s + name.to_s + "/"
|
49
|
+
yield block
|
50
|
+
@cbac_namespace = current_namespace
|
51
|
+
end
|
52
|
+
|
53
|
+
# Runs the block
|
54
|
+
yield block
|
55
|
+
end
|
56
|
+
end
|
data/lib/cbac/privilege_set.rb
CHANGED
@@ -1,29 +1,29 @@
|
|
1
|
-
# Defines sets of privileges
|
2
|
-
#
|
3
|
-
# To create a new set: PrivilegeSet.add :set_name, "Some comment on what this
|
4
|
-
# set does"
|
5
|
-
#
|
6
|
-
# To retrieve a privilegeset, use the sets attribute. This is a Hash containing
|
7
|
-
# PrivilegeSetRecords. Usage: PrivilegeSet.sets(:set_name). If the PrivilegeSet
|
8
|
-
# already exists, an ArgumentError is thrown stating the set was already
|
9
|
-
# defined.
|
10
|
-
class Cbac::PrivilegeSet
|
11
|
-
class << self
|
12
|
-
# Hash containing all the PrivilegeSetRecords
|
13
|
-
attr_reader :sets
|
14
|
-
|
15
|
-
# Create a new PrivilegeSet
|
16
|
-
def add(symbol, comment)
|
17
|
-
# initialize variables (if applicable)
|
18
|
-
@sets = Hash.new if @sets.nil?
|
19
|
-
# check for double creation
|
20
|
-
raise ArgumentError, "CBAC: PrivilegeSet was already defined: #{symbol.to_s}" if @sets.include?(symbol)
|
21
|
-
# Create record if privilege set doesn't exist
|
22
|
-
record = Cbac::PrivilegeSetRecord.find_or_create_by_name(symbol.to_s)
|
23
|
-
record.set_comment(comment)
|
24
|
-
record.save
|
25
|
-
|
26
|
-
@sets[symbol] = record
|
27
|
-
end
|
28
|
-
end
|
29
|
-
end
|
1
|
+
# Defines sets of privileges
|
2
|
+
#
|
3
|
+
# To create a new set: PrivilegeSet.add :set_name, "Some comment on what this
|
4
|
+
# set does"
|
5
|
+
#
|
6
|
+
# To retrieve a privilegeset, use the sets attribute. This is a Hash containing
|
7
|
+
# PrivilegeSetRecords. Usage: PrivilegeSet.sets(:set_name). If the PrivilegeSet
|
8
|
+
# already exists, an ArgumentError is thrown stating the set was already
|
9
|
+
# defined.
|
10
|
+
class Cbac::PrivilegeSet
|
11
|
+
class << self
|
12
|
+
# Hash containing all the PrivilegeSetRecords
|
13
|
+
attr_reader :sets
|
14
|
+
|
15
|
+
# Create a new PrivilegeSet
|
16
|
+
def add(symbol, comment)
|
17
|
+
# initialize variables (if applicable)
|
18
|
+
@sets = Hash.new if @sets.nil?
|
19
|
+
# check for double creation
|
20
|
+
raise ArgumentError, "CBAC: PrivilegeSet was already defined: #{symbol.to_s}" if @sets.include?(symbol)
|
21
|
+
# Create record if privilege set doesn't exist
|
22
|
+
record = Cbac::PrivilegeSetRecord.find_or_create_by_name(symbol.to_s)
|
23
|
+
record.set_comment(comment)
|
24
|
+
record.save
|
25
|
+
|
26
|
+
@sets[symbol] = record
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
@@ -1,7 +1,7 @@
|
|
1
|
-
class Cbac::PrivilegeSetRecord < ActiveRecord::Base
|
2
|
-
set_table_name "cbac_privilege_set"
|
3
|
-
|
4
|
-
def set_comment(comment)
|
5
|
-
self.comment = comment if has_attribute?("comment")
|
6
|
-
end
|
1
|
+
class Cbac::PrivilegeSetRecord < ActiveRecord::Base
|
2
|
+
set_table_name "cbac_privilege_set"
|
3
|
+
|
4
|
+
def set_comment(comment)
|
5
|
+
self.comment = comment if has_attribute?("comment")
|
6
|
+
end
|
7
7
|
end
|
data/lib/cbac/setup.rb
CHANGED
@@ -1,31 +1,38 @@
|
|
1
|
-
|
2
|
-
|
3
|
-
#
|
4
|
-
#
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
# migrated
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
1
|
+
|
2
|
+
module Cbac
|
3
|
+
# Class performs various functions specific to the CBAC system itself. Most
|
4
|
+
# important function is to check if the system is initialized; without proper
|
5
|
+
# initialization, the bootstrapper will crash.
|
6
|
+
class Setup
|
7
|
+
class << self
|
8
|
+
|
9
|
+
# Check to see if the tables are correctly migrated. If the tables are not
|
10
|
+
# migrated, CBAC should terminate immediately.
|
11
|
+
def check_tables
|
12
|
+
# It is possible that there is no database connection yet. In that case, the table_exist call will fail
|
13
|
+
begin
|
14
|
+
return false unless Cbac::PrivilegeSetRecord.table_exists?
|
15
|
+
rescue ActiveRecord::ConnectionNotEstablished
|
16
|
+
puts "CBAC: Connection to database not established when initializing Cbac. Cbac is *not* running."
|
17
|
+
return false
|
18
|
+
end
|
19
|
+
return false unless Cbac::GenericRole.table_exists?
|
20
|
+
return false unless Cbac::Membership.table_exists?
|
21
|
+
return false unless Cbac::Permission.table_exists?
|
22
|
+
true
|
23
|
+
end
|
24
|
+
|
25
|
+
# Checks if the system is properly setup. This method is used by the
|
26
|
+
# bootstrapper to see if the system should be initialized. If the system
|
27
|
+
# is not properly setup, the bootstrapper will crash. Checks are performed
|
28
|
+
# to see if all the tables exists.
|
29
|
+
def check
|
30
|
+
if check_tables == false
|
31
|
+
puts "CBAC: not properly initialized: one or more tables are missing. Did you install it correctly? (run generate)"
|
32
|
+
return false
|
33
|
+
end
|
34
|
+
true
|
35
|
+
end
|
36
|
+
end
|
37
|
+
end
|
31
38
|
end
|
@@ -1,34 +1,34 @@
|
|
1
|
-
NAME
|
2
|
-
cbac - Generator scripts for the Context Based Access Control system
|
3
|
-
|
4
|
-
SYNOPSIS
|
5
|
-
cbac
|
6
|
-
|
7
|
-
DESCRIPTION
|
8
|
-
This generator creates the basic setup for the CBAC system.
|
9
|
-
|
10
|
-
Included:
|
11
|
-
- config/privileges.rb
|
12
|
-
- config/context_roles.rb
|
13
|
-
- db/migrate/create_cbac.rb
|
14
|
-
- app/controllers/cbac/generic_roles_controller.rb
|
15
|
-
- app/controllers/cbac/memberships_controller.rb
|
16
|
-
- app/controllers/cbac/permissions_controller.rb
|
17
|
-
- app/views/layouts/cbac.html.erb
|
18
|
-
- app/views/cbac/generic_roles/index.html.erb
|
19
|
-
- app/views/cbac/memberships/index.html.erb
|
20
|
-
- app/views/cbac/memberships/_update.html.erb
|
21
|
-
- app/views/cbac/permissions/index.html.erb
|
22
|
-
- app/views/cbac/permissions/_update.html.erb
|
23
|
-
- public/stylesheets/cbac.css
|
24
|
-
- test/fixtures/cbac_permissions.yml
|
25
|
-
- test/fixtures/cbac_generic_roles.yml
|
26
|
-
- test/fixtures/cbac_memberships.yml
|
27
|
-
|
28
|
-
|
29
|
-
EXAMPLE
|
30
|
-
./script/generate cbac
|
31
|
-
|
32
|
-
MORE INFO
|
33
|
-
http://cbac.rubyforge.org/
|
1
|
+
NAME
|
2
|
+
cbac - Generator scripts for the Context Based Access Control system
|
3
|
+
|
4
|
+
SYNOPSIS
|
5
|
+
cbac
|
6
|
+
|
7
|
+
DESCRIPTION
|
8
|
+
This generator creates the basic setup for the CBAC system.
|
9
|
+
|
10
|
+
Included:
|
11
|
+
- config/privileges.rb
|
12
|
+
- config/context_roles.rb
|
13
|
+
- db/migrate/create_cbac.rb
|
14
|
+
- app/controllers/cbac/generic_roles_controller.rb
|
15
|
+
- app/controllers/cbac/memberships_controller.rb
|
16
|
+
- app/controllers/cbac/permissions_controller.rb
|
17
|
+
- app/views/layouts/cbac.html.erb
|
18
|
+
- app/views/cbac/generic_roles/index.html.erb
|
19
|
+
- app/views/cbac/memberships/index.html.erb
|
20
|
+
- app/views/cbac/memberships/_update.html.erb
|
21
|
+
- app/views/cbac/permissions/index.html.erb
|
22
|
+
- app/views/cbac/permissions/_update.html.erb
|
23
|
+
- public/stylesheets/cbac.css
|
24
|
+
- test/fixtures/cbac_permissions.yml
|
25
|
+
- test/fixtures/cbac_generic_roles.yml
|
26
|
+
- test/fixtures/cbac_memberships.yml
|
27
|
+
|
28
|
+
|
29
|
+
EXAMPLE
|
30
|
+
./script/generate cbac
|
31
|
+
|
32
|
+
MORE INFO
|
33
|
+
http://cbac.rubyforge.org/
|
34
34
|
|
@@ -0,0 +1,75 @@
|
|
1
|
+
require 'rbconfig'
|
2
|
+
|
3
|
+
class CbacGenerator < Rails::Generators::Base
|
4
|
+
include Rails::Generators::Migration
|
5
|
+
|
6
|
+
def self.source_root
|
7
|
+
@source_root ||= File.join(File.dirname(__FILE__), 'copy_files')
|
8
|
+
end
|
9
|
+
|
10
|
+
# Implement the required interface for Rails::Generators::Migration.
|
11
|
+
# taken from http://github.com/rails/rails/blob/master/activerecord/lib/generators/active_record.rb
|
12
|
+
def self.next_migration_number(dirname)
|
13
|
+
if ActiveRecord::Base.timestamped_migrations
|
14
|
+
Time.now.utc.strftime("%Y%m%d%H%M%S")
|
15
|
+
else
|
16
|
+
"%.3d" % (current_migration_number(dirname) + 1)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
def manifest
|
21
|
+
puts Dir.getwd
|
22
|
+
|
23
|
+
# developer files
|
24
|
+
empty_directory "config/cbac"
|
25
|
+
copy_file "config/privileges.rb", "config/cbac/privileges.rb", :collision => :skip
|
26
|
+
copy_file "config/context_roles.rb", "config/cbac/context_roles.rb", :collision => :skip
|
27
|
+
|
28
|
+
# deployment file
|
29
|
+
copy_file "config/cbac.pristine", "config/cbac/cbac.pristine", :collision => :skip
|
30
|
+
|
31
|
+
# administration pages
|
32
|
+
empty_directory "app/controllers/cbac"
|
33
|
+
copy_file "controllers/permissions_controller.rb", "app/controllers/cbac/permissions_controller.rb"
|
34
|
+
copy_file "controllers/generic_roles_controller.rb", "app/controllers/cbac/generic_roles_controller.rb"
|
35
|
+
copy_file "controllers/memberships_controller.rb", "app/controllers/cbac/memberships_controller.rb"
|
36
|
+
copy_file "controllers/upgrade_controller.rb", "app/controllers/cbac/upgrade_controller.rb"
|
37
|
+
empty_directory "app/views/layouts"
|
38
|
+
copy_file "views/layouts/cbac.html.erb", "app/views/layouts/cbac.html.erb"
|
39
|
+
empty_directory "app/views/cbac"
|
40
|
+
empty_directory "app/views/cbac/permissions"
|
41
|
+
empty_directory "app/views/cbac/generic_roles"
|
42
|
+
empty_directory "app/views/cbac/memberships"
|
43
|
+
empty_directory "app/views/cbac/upgrade"
|
44
|
+
copy_file "views/permissions/index.html.erb", "app/views/cbac/permissions/index.html.erb"
|
45
|
+
copy_file "views/permissions/_update_context_role.html.erb", "app/views/cbac/permissions/_update_context_role.html.erb"
|
46
|
+
copy_file "views/permissions/_update_generic_role.html.erb", "app/views/cbac/permissions/_update_generic_role.html.erb"
|
47
|
+
copy_file "views/generic_roles/index.html.erb", "app/views/cbac/generic_roles/index.html.erb"
|
48
|
+
copy_file "views/memberships/index.html.erb", "app/views/cbac/memberships/index.html.erb"
|
49
|
+
copy_file "views/memberships/_update.html.erb", "app/views/cbac/memberships/_update.html.erb"
|
50
|
+
copy_file "views/upgrade/index.html.erb", "app/views/cbac/upgrade/index.html.erb"
|
51
|
+
empty_directory "public/stylesheets"
|
52
|
+
copy_file "stylesheets/cbac.css", "public/stylesheets/cbac.css"
|
53
|
+
|
54
|
+
# migrations
|
55
|
+
#puts "type of m: " + class.name
|
56
|
+
if self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac")
|
57
|
+
# This is an upgrade from a previous version of CBAC
|
58
|
+
migration_template "migrate/create_cbac_upgrade_path.rb", "db/migrate/create_cbac_upgrade_path" unless self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac_upgrade_path")
|
59
|
+
else
|
60
|
+
# This is the first install of CBAC into the current project
|
61
|
+
migration_template "migrate/create_cbac_from_scratch.rb", "db/migrate/create_cbac_from_scratch" unless self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac_from_scratch")
|
62
|
+
end
|
63
|
+
# default fixtures
|
64
|
+
copy_file "fixtures/cbac_permissions.yml", "test/fixtures/cbac_permissions.yml"
|
65
|
+
copy_file "fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_generic_roles.yml"
|
66
|
+
copy_file "fixtures/cbac_memberships.yml", "test/fixtures/cbac_memberships.yml"
|
67
|
+
|
68
|
+
# initializer
|
69
|
+
copy_file "initializers/cbac_config.rb", "config/initializers/cbac_config.rb"
|
70
|
+
|
71
|
+
# Rake task
|
72
|
+
empty_directory "lib/tasks"
|
73
|
+
copy_file "tasks/cbac.rake", "lib/tasks/cbac.rake"
|
74
|
+
end
|
75
|
+
end
|
@@ -1,2 +1,2 @@
|
|
1
|
-
0:+:PrivilegeSet(login) ContextRole(everybody)
|
2
|
-
1:+:PrivilegeSet(cbac_administration) Admin()
|
1
|
+
0:+:PrivilegeSet(login) ContextRole(everybody)
|
2
|
+
1:+:PrivilegeSet(cbac_administration) Admin()
|
@@ -0,0 +1,17 @@
|
|
1
|
+
### context_roles.rb
|
2
|
+
#
|
3
|
+
# Defines the context roles for the CBAC system
|
4
|
+
#
|
5
|
+
include Cbac
|
6
|
+
puts "Loading context_roles"
|
7
|
+
|
8
|
+
# Defining context roles
|
9
|
+
ContextRole.add :everybody do
|
10
|
+
true
|
11
|
+
end
|
12
|
+
ContextRole.add :not_logged_in_user do |context|
|
13
|
+
context.current_user.nil?
|
14
|
+
end
|
15
|
+
ContextRole.add :logged_in_user do |context|
|
16
|
+
not context.current_user.nil?
|
17
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
### Privileges.rb
|
2
|
+
#
|
3
|
+
# Defines the privilegesets and privileges for the CBAC system
|
4
|
+
#
|
5
|
+
include Cbac
|
6
|
+
puts "Loading privilegesets"
|
7
|
+
|
8
|
+
cbac do
|
9
|
+
set :public, "Stuff that is always accessible" do
|
10
|
+
# Insert public conroller/methods here
|
11
|
+
end
|
12
|
+
|
13
|
+
set :cbac_administration, "Allows administration of CBAC modules" do
|
14
|
+
in_module :cbac do
|
15
|
+
get "permissions", :index
|
16
|
+
post "permissions", :create
|
17
|
+
get "memberships", :index
|
18
|
+
post "memberships", :create
|
19
|
+
get "generic_roles", :index
|
20
|
+
post "generic_roles", :update, :create, :delete
|
21
|
+
get "upgrade", :index
|
22
|
+
post "upgrade", :update
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|