cbac 0.6.1 → 0.6.2

Files changed (75) hide show
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
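--- a/data/context_roles.rb
+++ b/data/context_roles.rb
@@ -1,21 +1,21 @@
-### context_roles.rb
-#
-# Defines the context roles for the CBAC system
-#
-include Cbac
-
-# Defining context roles
-ContextRole.add :not_logged_in_user, 'current_user == 0'
-ContextRole.add :logged_in_user, 'current_user.to_i > 0'
-ContextRole.add :everybody, "true"
-ContextRole.add :news_owner do
-context[:post].user.id == current_user
-end
-
-ContextRole.add :news_owner_with_email do
-return false if News.find(params[:id]).author_id == current_user
-return false if User.find(current_user).email.nil?
-true
-end
-
-
+### context_roles.rb
+#
+# Defines the context roles for the CBAC system
+#
+include Cbac
+
+# Defining context roles
+ContextRole.add :not_logged_in_user, 'current_user == 0'
+ContextRole.add :logged_in_user, 'current_user.to_i > 0'
+ContextRole.add :everybody, "true"
+ContextRole.add :news_owner do
+context[:post].user.id == current_user
+end
+
+ContextRole.add :news_owner_with_email do
+return false if News.find(params[:id]).author_id == current_user
+return false if User.find(current_user).email.nil?
+true
+end
+
+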
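--- a/data/init.rb
+++ b/data/init.rb
@@ -1,3 +1,3 @@
-# Include CBAC core file
-require File.dirname(__FILE__) + '/lib/cbac.rb'
-
+# Include CBAC core file
+require File.dirname(__FILE__) + '/lib/cbac.rb'
+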
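--- a/data/lib/cbac.rb
+++ b/data/lib/cbac.rb
@@ -1,132 +1,132 @@
-# TODO: Check the permission table for double entries, ie: both an entry in the
-# generic_role_id field and an entry in the context_role field. Solution: solve
-# via model. Update model & add test
-require "cbac/setup"
-require "cbac/config"
-require "cbac/context_role"
-require "cbac/generic_role"
-require "cbac/known_permission"
-require "cbac/membership"
-require "cbac/permission"
-require "cbac/privilege"
-require "cbac/privilege_new_api"
-require "cbac/privilege_set"
-require "cbac/privilege_set_record"
-require "cbac/cbac_pristine/pristine"
-require "cbac/cbac_pristine/pristine_file"
-require "cbac/cbac_pristine/pristine_permission"
-require "cbac/cbac_pristine/pristine_role"
-
-# The following code contains configuration options. You can turn them on for
-# gem development. For actual usage, it is advisable to set the configuration
-# options in the environment files.
-Cbac::Config.verbose = true
-
-# Module containing the bootstrap code
-module Cbac
-def cbac_boot!
-if Cbac::Setup.check
-puts "CBAC properly installed"
-
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
-require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
-
-# check performs a check to see if the user is allowed to access the given
-# resource. Example: authorization_check("BlogController", "index", :get)
-def authorization_check(controller, action, request, context = {})
-# Determine the controller to look for
-controller_method = [controller, action].join("/")
-# Get the privilegesets
-privilege_sets = Privilege.select(controller_method, request)
-# Check the privilege sets
-check_privilege_sets(privilege_sets, context)
-end
-
-# Check the given privilege_set symbol
-# TODO following code is not yet tested
-def check_privilege_set(privilege_set, context = {})
-check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
-end
-
-# Check the given privilege_sets
-def check_privilege_sets(privilege_sets, context = {})
-# Check the generic roles
-return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
-# Check the context roles Get the permissions
-privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
-puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
-eval_string = ContextRole.roles[permission.context_role.to_sym]
-begin
-return true if eval_string.call(context)
-rescue Exception => e
-puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
-raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
-end
-end
-# not authorized
-puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
-false
-end
-
-# Code that performs authorization
-def authorize
-authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
-end
-
-# Default unauthorized method Override this method to supply your own code
-# for incorrect authorization
-def unauthorized
-render :text => "You are not authorized to perform this action", :status => 401
-end
-
-# Default implementation of the current_user method
-def current_user_id
-session[:currentuser].to_i
-end
-
-# Load controller classes and methods
-def load_controller_methods
-begin
-Dir.glob("app/controllers/**/*.rb").each{|file| require file}
-rescue LoadError
-raise "Could not load controller classes"
-end
-# Make this iterative TODO
-@classes = ApplicationController.subclasses
-end
-
-# Extracts the class name from the filename
-def extract_class_name(filename)
-File.basename(filename).chomp(".rb").camelize
-end
-
-# ### Initializer Include privileges file - contains the privilege and
-# privilege definitions
-begin
-require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
-rescue MissingSourceFile
-puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
-end
-# Include context roles file - contains the context role definitions
-begin
-require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
-rescue MissingSourceFile
-puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
-end
-
-# ### Database autoload code
-else
-# This is the code that is executed if CBAc is not properly installed/
-# configured. It includes a different authorize method, aimes at refusing
-# all authorizations
-def authorize
-render :text => "Authorization error", :status => 401
-false
-end
-end
-end
-end
+# TODO: Check the permission table for double entries, ie: both an entry in the
+# generic_role_id field and an entry in the context_role field. Solution: solve
+# via model. Update model & add test
+require "cbac/setup"
+require "cbac/config"
+require "cbac/context_role"
+require "cbac/generic_role"
+require "cbac/known_permission"
+require "cbac/membership"
+require "cbac/permission"
+require "cbac/privilege"
+require "cbac/privilege_new_api"
+require "cbac/privilege_set"
+require "cbac/privilege_set_record"
+require "cbac/cbac_pristine/pristine"
+require "cbac/cbac_pristine/pristine_file"
+require "cbac/cbac_pristine/pristine_permission"
+require "cbac/cbac_pristine/pristine_role"
+
+# The following code contains configuration options. You can turn them on for
+# gem development. For actual usage, it is advisable to set the configuration
+# options in the environment files.
+Cbac::Config.verbose = true
+
+# Module containing the bootstrap code
+module Cbac
+def cbac_boot!
+if Cbac::Setup.check
+puts "CBAC properly installed"
+
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
+require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
+
+# check performs a check to see if the user is allowed to access the given
+# resource. Example: authorization_check("BlogController", "index", :get)
+def authorization_check(controller, action, request, context = {})
+# Determine the controller to look for
+controller_method = [controller, action].join("/")
+# Get the privilegesets
+privilege_sets = Privilege.select(controller_method, request)
+# Check the privilege sets
+check_privilege_sets(privilege_sets, context)
+end
+
+# Check the given privilege_set symbol
+# TODO following code is not yet tested
+def check_privilege_set(privilege_set, context = {})
+check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
+end
+
+# Check the given privilege_sets
+def check_privilege_sets(privilege_sets, context = {})
+# Check the generic roles
+return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
+# Check the context roles Get the permissions
+privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
+puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
+eval_string = ContextRole.roles[permission.context_role.to_sym]
+begin
+return true if eval_string.call(context)
+rescue Exception => e
+puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
+raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
+end
+end
+# not authorized
+puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
+false
+end
+
+# Code that performs authorization
+def authorize
+authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
+end
+
+# Default unauthorized method Override this method to supply your own code
+# for incorrect authorization
+def unauthorized
+render :text => "You are not authorized to perform this action", :status => 401
+end
+
+# Default implementation of the current_user method
+def current_user_id
+session[:currentuser].to_i
+end
+
+# Load controller classes and methods
+def load_controller_methods
+begin
+Dir.glob("app/controllers/**/*.rb").each{|file| require file}
+rescue LoadError
+raise "Could not load controller classes"
+end
+# Make this iterative TODO
+@classes = ApplicationController.subclasses
+end
+
+# Extracts the class name from the filename
+def extract_class_name(filename)
+File.basename(filename).chomp(".rb").camelize
+end
+
+# ### Initializer Include privileges file - contains the privilege and
+# privilege definitions
+begin
+require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
+rescue MissingSourceFile
+puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
+end
+# Include context roles file - contains the context role definitions
+begin
+require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
+rescue MissingSourceFile
+puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
+end
+
+# ### Database autoload code
+else
+# This is the code that is executed if CBAc is not properly installed/
+# configured. It includes a different authorize method, aimes at refusing
+# all authorizations
+def authorize
+render :text => "Authorization error", :status => 401
+false
+end
+end
+end
+end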
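--- a/data/lib/cbac/cbac_pristine/pristine.rb
+++ b/data/lib/cbac/cbac_pristine/pristine.rb
@@ -1,135 +1,138 @@
-require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_file'))
-require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_permission'))
-
-module Cbac
-module CbacPristine
-#creates a yml file containing all generic roles from the specified pristine file objects
-def create_generic_role_fixtures_file(pristine_files, fixtures_file_name)
-roles = []
-
-pristine_files.each do |pristine_file|
-#if the pristine file wasn't parsed yet, we'll do it here
-pristine_file.parse(false) if pristine_file.permissions.empty?
-pristine_file.generic_roles.each do |generic_role|
-# we only want the unique generic roles, because the yml file cannot have duplicates
-has_role = false
-roles.each do |role|
-if role.name == generic_role.name
-has_role = true
-end
-end
-roles.push(generic_role) unless has_role
-end
-end
-create_fixtures_file(roles, fixtures_file_name)
-end
-
-# creates a yml file containing all cbac_permissions from the specified pristine file objects
-def create_permissions_fixtures_file(pristine_files, fixtures_file_name)
-permissions = []
-
-pristine_files.each do |pristine_file|
-pristine_file.parse(false) if pristine_file.permissions.empty?
-pristine_file.permission_set.each do |line|
-permissions.push(line)
-end
-end
-create_fixtures_file(permissions, fixtures_file_name)
-end
-
-# turns the fixtures into yml and writes them to a file with specified name.
-def create_fixtures_file(fixtures, fixtures_file_name)
-File.delete(fixtures_file_name) if File.exists?(fixtures_file_name)
-f = File.new(fixtures_file_name, "w")
-flock(f, File::LOCK_EX) do |f|
-fixtures.each_with_index do |fixture, index|
-f.write(fixture.to_yml_fixture(index + 1))
-end
-end
-end
-
-# set all cbac permissions and generic roles to the state in the specified pristine file objects
-def set_pristine_state(pristine_files, clear_tables)
-clear_cbac_tables if clear_tables
-pristine_files.each do |pristine_file|
-pristine_file.parse if pristine_file.permissions.empty?
-pristine_file.permissions.each do |permission|
-permission.accept
-end
-end
-end
-
-# stage all unknown cbac_permissions
-def stage_permissions(pristine_files)
-
-pristine_files.each do |pristine_file|
-pristine_file.parse(true) if pristine_file.permissions.empty?
-pristine_file.permissions.each do |permission|
-permission.stage
-end
-end
-end
-
-def clear_cbac_tables
-Cbac::GenericRole.delete_all
-Cbac::Membership.delete_all
-Cbac::Permission.delete_all
-Cbac::KnownPermission.delete_all
-Cbac::CbacPristine::PristinePermission.delete_all
-Cbac::CbacPristine::PristineRole.delete_all
-end
-
-def delete_generic_known_permissions
-known_permissions = Cbac::KnownPermission.find(:all, :conditions => {:permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:generic]})
-known_permissions.each { |p| p.destroy }
-end
-
-def delete_generic_permissions
-permissions = Cbac::Permission.find(:all, :conditions => {:context_role => nil})
-# for backwards compatibility, generic_role name was administrators instead of administrator
-# SMELL: administrator role *only* identified by name
-(permissions.select { |perm| perm.generic_role.name != "administrator" and perm.generic_role.name != "administrators" }).each { |p| p.destroy }
-end
-
-def delete_non_generic_staged_permissions
-PristinePermission.delete_non_generic_permissions
-end
-
-def delete_generic_staged_permissions
-PristinePermission.delete_generic_permissions
-end
-
-def database_contains_cbac_data?
-return (Cbac::GenericRole.count != 0 or Cbac::Membership.count != 0 or Cbac::Permission.count != 0 or Cbac::KnownPermission.count != 0 or Cbac::CbacPristine::PristinePermission.count != 0 or Cbac::CbacPristine::PristineRole.count != 0)
-end
-
-def create_generic_pristine_file(file_name)
-GenericPristineFile.new(file_name)
-end
-
-def create_pristine_file(file_name)
-PristineFile.new(file_name)
-end
-
-def number_of_generic_staged_permissions
-PristinePermission.count_generic_permissions
-end
-
-def number_of_non_generic_staged_permissions
-PristinePermission.count_non_generic_permissions
-end
-
-def flock(file, mode)
-success = file.flock(mode)
-if success
-begin
-yield file
-ensure
-file.flock(File::LOCK_UN)
-end
-end
-return success
-end
-
-end
-end
+require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_file'))
+require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_permission'))
+
+module Cbac
+module CbacPristine
+#creates a yml file containing all generic roles from the specified pristine file objects
+def create_generic_role_fixtures_file(pristine_files, fixtures_file_name)
+roles = []
+
+pristine_files.each do |pristine_file|
+#if the pristine file wasn't parsed yet, we'll do it here
+pristine_file.parse(false) if pristine_file.permissions.empty?
+pristine_file.generic_roles.each do |generic_role|
+# we only want the unique generic roles, because the yml file cannot have duplicates
+has_role = false
+roles.each do |role|
+if role.name == generic_role.name
+has_role = true
+end
+end
+roles.push(generic_role) unless has_role
+end
+end
+create_fixtures_file(roles, fixtures_file_name)
+end
+
+# creates a yml file containing all cbac_permissions from the specified pristine file objects
+def create_permissions_fixtures_file(pristine_files, fixtures_file_name)
+permissions = []
+
+pristine_files.each do |pristine_file|
+pristine_file.parse(false) if pristine_file.permissions.empty?
+pristine_file.permission_set.each do |line|
+permissions.push(line)
+end
+end
+create_fixtures_file(permissions, fixtures_file_name)
+end
+
+# turns the fixtures into yml and writes them to a file with specified name.
+def create_fixtures_file(fixtures, fixtures_file_name)
+File.delete(fixtures_file_name) if File.exists?(fixtures_file_name)
+f = File.new(fixtures_file_name, "w")
+flock(f, File::LOCK_EX) do |f|
+fixtures.each_with_index do |fixture, index|
+f.write(fixture.to_yml_fixture(index + 1))
+end
+end
+end
+
+# set all cbac permissions and generic roles to the state in the specified pristine file objects
+def set_pristine_state(pristine_files, clear_tables)
+clear_cbac_tables if clear_tables
+pristine_files.each do |pristine_file|
+pristine_file.parse if pristine_file.permissions.empty?
+pristine_file.permissions.each do |permission|
+permission.accept
+end
+end
+end
+
+# stage all unknown cbac_permissions
+def stage_permissions(pristine_files)
+
+pristine_files.each do |pristine_file|
+pristine_file.parse(true) if pristine_file.permissions.empty?
+pristine_file.permissions.each do |permission|
+permission.stage
+end
+end
+end
+
+def clear_cbac_tables
+Cbac::GenericRole.delete_all
+Cbac::Membership.delete_all
+Cbac::Permission.delete_all
+Cbac::KnownPermission.delete_all
+Cbac::CbacPristine::PristineFile.delete_all
+Cbac::CbacPristine::PristinePermission.delete_all
+Cbac::CbacPristine::PristineRole.delete_all
+end
+
+def delete_generic_known_permissions
+known_permissions = Cbac::KnownPermission.find(:all, :conditions => {:permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:generic]})
+known_permissions.each { |p| p.destroy }
+end
+
+def delete_generic_permissions
+permissions = Cbac::Permission.find(:all, :conditions => {:context_role => nil})
+# for backwards compatibility, generic_role name was administrators instead of administrator
+# SMELL: administrator role *only* identified by name
+(permissions.select { |perm| perm.generic_role.name != "administrator" and perm.generic_role.name != "administrators" }).each { |p| p.destroy }
+end
+
+def delete_non_generic_staged_permissions
+PristinePermission.delete_non_generic_permissions
+end
+
+def delete_generic_staged_permissions
+PristinePermission.delete_generic_permissions
+end
+
+def database_contains_cbac_data?
+(Cbac::GenericRole.count != 0 or Cbac::Membership.count != 0 or Cbac::Permission.count != 0 or Cbac::KnownPermission.count != 0 or Cbac::CbacPristine::PristinePermission.count != 0 or Cbac::CbacPristine::PristineRole.count != 0)
+end
+
+def find_or_create_generic_pristine_file(file_name)
+pristine_file = GenericPristineFile.find_by_file_name(file_name)
+pristine_file.present? ? pristine_file : GenericPristineFile.create(:file_name => file_name)
+end
+
+def find_or_create_pristine_file(file_name)
+pristine_file = PristineFile.find_by_file_name(file_name)
+pristine_file.present? ? pristine_file : PristineFile.create(:file_name => file_name)
+end
+
+def number_of_generic_staged_permissions
+PristinePermission.count_generic_permissions
+end
+
+def number_of_non_generic_staged_permissions
+PristinePermission.count_non_generic_permissions
+end
+
+def flock(file, mode)
+success = file.flock(mode)
+if success
+begin
+yield file
+ensure
+file.flock(File::LOCK_UN)
+end
+end
+return success
+end
+
+end
+end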
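Review bot: `clear_cbac_tables` now wipes `PristineFile` rows as well, but `database_contains_cbac_data?` a few lines below still ignores that table, so a database holding only pristine-file records is reported as empty and the two methods no longer agree on what counts as CBAC data; add `Cbac::CbacPristine::PristineFile.count != 0 or` to that condition. In `find_or_create_generic_pristine_file` and `find_or_create_pristine_file`, `find_by_file_name` followed by `create` is a check-then-act pair that can produce duplicate rows under concurrent callers, and `create` returns an unsaved record when validation fails, which the caller then treats as a found file; `create!` (backed by a uniqueness constraint on `file_name`) would surface the failure instead. Unchanged but still on the new side: `create_fixtures_file` opens the fixtures file with `File.new` and never closes the handle, so the written YAML is only flushed when the object is garbage-collected, and the `|f|` block parameter on the `flock` call shadows the outer `f`; the `File.open(fixtures_file_name, "w") do |f| … end` block form closes the file deterministically and removes the shadowing. The page is missing the file header for this section; the hunk matches the `data/lib/cbac/cbac_pristine/pristine.rb +138 -135` entry in the diffstat.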