cbac 0.6.1 → 0.6.2

Files changed (75) hide show
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
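--- a/data/context_roles.rb
+++ b/data/context_roles.rb
@@ -1,21 +1,21 @@
- ### context_roles.rb
- #
- # Defines the context roles for the CBAC system
- #
- include Cbac
-
- # Defining context roles
- ContextRole.add :not_logged_in_user, 'current_user == 0'
- ContextRole.add :logged_in_user, 'current_user.to_i > 0'
- ContextRole.add :everybody, "true"
- ContextRole.add :news_owner do
- context[:post].user.id == current_user
- end
-
- ContextRole.add :news_owner_with_email do
- return false if News.find(params[:id]).author_id == current_user
- return false if User.find(current_user).email.nil?
- true
- end
-
-
+ ### context_roles.rb
+ #
+ # Defines the context roles for the CBAC system
+ #
+ include Cbac
+
+ # Defining context roles
+ ContextRole.add :not_logged_in_user, 'current_user == 0'
+ ContextRole.add :logged_in_user, 'current_user.to_i > 0'
+ ContextRole.add :everybody, "true"
+ ContextRole.add :news_owner do
+ context[:post].user.id == current_user
+ end
+
+ ContextRole.add :news_owner_with_email do
+ return false if News.find(params[:id]).author_id == current_user
+ return false if User.find(current_user).email.nil?
+ true
+ end
+
+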
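--- a/data/init.rb
+++ b/data/init.rb
@@ -1,3 +1,3 @@
- # Include CBAC core file
- require File.dirname(__FILE__) + '/lib/cbac.rb'
-
+ # Include CBAC core file
+ require File.dirname(__FILE__) + '/lib/cbac.rb'
+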
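--- a/data/lib/cbac.rb
+++ b/data/lib/cbac.rb
@@ -1,132 +1,132 @@
- # TODO: Check the permission table for double entries, ie: both an entry in the
- # generic_role_id field and an entry in the context_role field. Solution: solve
- # via model. Update model & add test
- require "cbac/setup"
- require "cbac/config"
- require "cbac/context_role"
- require "cbac/generic_role"
- require "cbac/known_permission"
- require "cbac/membership"
- require "cbac/permission"
- require "cbac/privilege"
- require "cbac/privilege_new_api"
- require "cbac/privilege_set"
- require "cbac/privilege_set_record"
- require "cbac/cbac_pristine/pristine"
- require "cbac/cbac_pristine/pristine_file"
- require "cbac/cbac_pristine/pristine_permission"
- require "cbac/cbac_pristine/pristine_role"
-
- # The following code contains configuration options. You can turn them on for
- # gem development. For actual usage, it is advisable to set the configuration
- # options in the environment files.
- Cbac::Config.verbose = true
-
- # Module containing the bootstrap code
- module Cbac
- def cbac_boot!
- if Cbac::Setup.check
- puts "CBAC properly installed"
-
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
- require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
-
- # check performs a check to see if the user is allowed to access the given
- # resource. Example: authorization_check("BlogController", "index", :get)
- def authorization_check(controller, action, request, context = {})
- # Determine the controller to look for
- controller_method = [controller, action].join("/")
- # Get the privilegesets
- privilege_sets = Privilege.select(controller_method, request)
- # Check the privilege sets
- check_privilege_sets(privilege_sets, context)
- end
-
- # Check the given privilege_set symbol
- # TODO following code is not yet tested
- def check_privilege_set(privilege_set, context = {})
- check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
- end
-
- # Check the given privilege_sets
- def check_privilege_sets(privilege_sets, context = {})
- # Check the generic roles
- return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
- # Check the context roles Get the permissions
- privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
- puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
- eval_string = ContextRole.roles[permission.context_role.to_sym]
- begin
- return true if eval_string.call(context)
- rescue Exception => e
- puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
- raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
- end
- end
- # not authorized
- puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
- false
- end
-
- # Code that performs authorization
- def authorize
- authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
- end
-
- # Default unauthorized method Override this method to supply your own code
- # for incorrect authorization
- def unauthorized
- render :text => "You are not authorized to perform this action", :status => 401
- end
-
- # Default implementation of the current_user method
- def current_user_id
- session[:currentuser].to_i
- end
-
- # Load controller classes and methods
- def load_controller_methods
- begin
- Dir.glob("app/controllers/**/*.rb").each{|file| require file}
- rescue LoadError
- raise "Could not load controller classes"
- end
- # Make this iterative TODO
- @classes = ApplicationController.subclasses
- end
-
- # Extracts the class name from the filename
- def extract_class_name(filename)
- File.basename(filename).chomp(".rb").camelize
- end
-
- # ### Initializer Include privileges file - contains the privilege and
- # privilege definitions
- begin
- require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
- rescue MissingSourceFile
- puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
- end
- # Include context roles file - contains the context role definitions
- begin
- require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
- rescue MissingSourceFile
- puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
- end
-
- # ### Database autoload code
- else
- # This is the code that is executed if CBAc is not properly installed/
- # configured. It includes a different authorize method, aimes at refusing
- # all authorizations
- def authorize
- render :text => "Authorization error", :status => 401
- false
- end
- end
- end
- end
+ # TODO: Check the permission table for double entries, ie: both an entry in the
+ # generic_role_id field and an entry in the context_role field. Solution: solve
+ # via model. Update model & add test
+ require "cbac/setup"
+ require "cbac/config"
+ require "cbac/context_role"
+ require "cbac/generic_role"
+ require "cbac/known_permission"
+ require "cbac/membership"
+ require "cbac/permission"
+ require "cbac/privilege"
+ require "cbac/privilege_new_api"
+ require "cbac/privilege_set"
+ require "cbac/privilege_set_record"
+ require "cbac/cbac_pristine/pristine"
+ require "cbac/cbac_pristine/pristine_file"
+ require "cbac/cbac_pristine/pristine_permission"
+ require "cbac/cbac_pristine/pristine_role"
+
+ # The following code contains configuration options. You can turn them on for
+ # gem development. For actual usage, it is advisable to set the configuration
+ # options in the environment files.
+ Cbac::Config.verbose = true
+
+ # Module containing the bootstrap code
+ module Cbac
+ def cbac_boot!
+ if Cbac::Setup.check
+ puts "CBAC properly installed"
+
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
+ require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
+
+ # check performs a check to see if the user is allowed to access the given
+ # resource. Example: authorization_check("BlogController", "index", :get)
+ def authorization_check(controller, action, request, context = {})
+ # Determine the controller to look for
+ controller_method = [controller, action].join("/")
+ # Get the privilegesets
+ privilege_sets = Privilege.select(controller_method, request)
+ # Check the privilege sets
+ check_privilege_sets(privilege_sets, context)
+ end
+
+ # Check the given privilege_set symbol
+ # TODO following code is not yet tested
+ def check_privilege_set(privilege_set, context = {})
+ check_privilege_sets([PrivilegeSet.sets[privilege_set.to_sym]], context)
+ end
+
+ # Check the given privilege_sets
+ def check_privilege_sets(privilege_sets, context = {})
+ # Check the generic roles
+ return true if privilege_sets.any? { |set| Cbac::GenericRole.find(:all, :conditions => ["user_id= ? AND privilege_set_id = ?", current_user, set.id],:joins => [:generic_role_members, :permissions]).length > 0 }
+ # Check the context roles Get the permissions
+ privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
+ puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
+ eval_string = ContextRole.roles[permission.context_role.to_sym]
+ begin
+ return true if eval_string.call(context)
+ rescue Exception => e
+ puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
+ raise e if RAILS_ENV == "development" or RAILS_ENV == "test" # In development mode, this should crash as hard as possible, but in further stages, it should not
+ end
+ end
+ # not authorized
+ puts "Not authorized for: #{privilege_sets.to_s}" if Cbac::Config.verbose
+ false
+ end
+
+ # Code that performs authorization
+ def authorize
+ authorization_check(params[:controller], params[:action], request.request_method.downcase, self) || unauthorized
+ end
+
+ # Default unauthorized method Override this method to supply your own code
+ # for incorrect authorization
+ def unauthorized
+ render :text => "You are not authorized to perform this action", :status => 401
+ end
+
+ # Default implementation of the current_user method
+ def current_user_id
+ session[:currentuser].to_i
+ end
+
+ # Load controller classes and methods
+ def load_controller_methods
+ begin
+ Dir.glob("app/controllers/**/*.rb").each{|file| require file}
+ rescue LoadError
+ raise "Could not load controller classes"
+ end
+ # Make this iterative TODO
+ @classes = ApplicationController.subclasses
+ end
+
+ # Extracts the class name from the filename
+ def extract_class_name(filename)
+ File.basename(filename).chomp(".rb").camelize
+ end
+
+ # ### Initializer Include privileges file - contains the privilege and
+ # privilege definitions
+ begin
+ require File.join(::Rails.root.to_s, "config", "cbac", "privileges.rb")
+ rescue MissingSourceFile
+ puts "CBAC warning: Could not load config/cbac/privileges.rb (Did you run ./script/generate cbac?)"
+ end
+ # Include context roles file - contains the context role definitions
+ begin
+ require File.join(::Rails.root.to_s, "config", "cbac", "context_roles.rb")
+ rescue MissingSourceFile
+ puts "CBAC warning: Could not load config/cbac/context_roles.rb (Did you run ./script/generate cbac?)"
+ end
+
+ # ### Database autoload code
+ else
+ # This is the code that is executed if CBAc is not properly installed/
+ # configured. It includes a different authorize method, aimes at refusing
+ # all authorizations
+ def authorize
+ render :text => "Authorization error", :status => 401
+ false
+ end
+ end
+ end
+ end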
@@ -1,135 +1,138 @@
1
- require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_file'))
2
- require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_permission'))
3
-
4
- module Cbac
5
- module CbacPristine
6
- #creates a yml file containing all generic roles from the specified pristine file objects
7
- def create_generic_role_fixtures_file(pristine_files, fixtures_file_name)
8
- roles = []
9
-
10
- pristine_files.each do |pristine_file|
11
- #if the pristine file wasn't parsed yet, we'll do it here
12
- pristine_file.parse(false) if pristine_file.permissions.empty?
13
- pristine_file.generic_roles.each do |generic_role|
14
- # we only want the unique generic roles, because the yml file cannot have duplicates
15
- has_role = false
16
- roles.each do |role|
17
- if role.name == generic_role.name
18
- has_role = true
19
- end
20
- end
21
- roles.push(generic_role) unless has_role
22
- end
23
- end
24
- create_fixtures_file(roles, fixtures_file_name)
25
- end
26
-
27
- # creates a yml file containing all cbac_permissions from the specified pristine file objects
28
- def create_permissions_fixtures_file(pristine_files, fixtures_file_name)
29
- permissions = []
30
-
31
- pristine_files.each do |pristine_file|
32
- pristine_file.parse(false) if pristine_file.permissions.empty?
33
- pristine_file.permission_set.each do |line|
34
- permissions.push(line)
35
- end
36
- end
37
- create_fixtures_file(permissions, fixtures_file_name)
38
- end
39
-
40
- # turns the fixtures into yml and writes them to a file with specified name.
41
- def create_fixtures_file(fixtures, fixtures_file_name)
42
- File.delete(fixtures_file_name) if File.exists?(fixtures_file_name)
43
- f = File.new(fixtures_file_name, "w")
44
- flock(f, File::LOCK_EX) do |f|
45
- fixtures.each_with_index do |fixture, index|
46
- f.write(fixture.to_yml_fixture(index + 1))
47
- end
48
- end
49
- end
50
-
51
- # set all cbac permissions and generic roles to the state in the specified pristine file objects
52
- def set_pristine_state(pristine_files, clear_tables)
53
- clear_cbac_tables if clear_tables
54
- pristine_files.each do |pristine_file|
55
- pristine_file.parse if pristine_file.permissions.empty?
56
- pristine_file.permissions.each do |permission|
57
- permission.accept
58
- end
59
- end
60
- end
61
-
62
- # stage all unknown cbac_permissions
63
- def stage_permissions(pristine_files)
64
-
65
- pristine_files.each do |pristine_file|
66
- pristine_file.parse(true) if pristine_file.permissions.empty?
67
- pristine_file.permissions.each do |permission|
68
- permission.stage
69
- end
70
- end
71
- end
72
-
73
- def clear_cbac_tables
74
- Cbac::GenericRole.delete_all
75
- Cbac::Membership.delete_all
76
- Cbac::Permission.delete_all
77
- Cbac::KnownPermission.delete_all
78
- Cbac::CbacPristine::PristinePermission.delete_all
79
- Cbac::CbacPristine::PristineRole.delete_all
80
- end
81
-
82
- def delete_generic_known_permissions
83
- known_permissions = Cbac::KnownPermission.find(:all, :conditions => {:permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:generic]})
84
- known_permissions.each { |p| p.destroy }
85
- end
86
-
87
- def delete_generic_permissions
88
- permissions = Cbac::Permission.find(:all, :conditions => {:context_role => nil})
89
- # for backwards compatibility, generic_role name was administrators instead of administrator
90
- # SMELL: administrator role *only* identified by name
91
- (permissions.select { |perm| perm.generic_role.name != "administrator" and perm.generic_role.name != "administrators" }).each { |p| p.destroy }
92
- end
93
-
94
- def delete_non_generic_staged_permissions
95
- PristinePermission.delete_non_generic_permissions
96
- end
97
-
98
- def delete_generic_staged_permissions
99
- PristinePermission.delete_generic_permissions
100
- end
101
-
102
- def database_contains_cbac_data?
103
- return (Cbac::GenericRole.count != 0 or Cbac::Membership.count != 0 or Cbac::Permission.count != 0 or Cbac::KnownPermission.count != 0 or Cbac::CbacPristine::PristinePermission.count != 0 or Cbac::CbacPristine::PristineRole.count != 0)
104
- end
105
-
106
- def create_generic_pristine_file(file_name)
107
- GenericPristineFile.new(file_name)
108
- end
109
-
110
- def create_pristine_file(file_name)
111
- PristineFile.new(file_name)
112
- end
113
-
114
- def number_of_generic_staged_permissions
115
- PristinePermission.count_generic_permissions
116
- end
117
-
118
- def number_of_non_generic_staged_permissions
119
- PristinePermission.count_non_generic_permissions
120
- end
121
-
122
- def flock(file, mode)
123
- success = file.flock(mode)
124
- if success
125
- begin
126
- yield file
127
- ensure
128
- file.flock(File::LOCK_UN)
129
- end
130
- end
131
- return success
132
- end
133
-
134
- end
135
- end
1
+ require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_file'))
2
+ require File.expand_path(File.join(File.dirname(__FILE__), 'pristine_permission'))
3
+
4
+ module Cbac
5
+ module CbacPristine
6
+ #creates a yml file containing all generic roles from the specified pristine file objects
7
+ def create_generic_role_fixtures_file(pristine_files, fixtures_file_name)
8
+ roles = []
9
+
10
+ pristine_files.each do |pristine_file|
11
+ #if the pristine file wasn't parsed yet, we'll do it here
12
+ pristine_file.parse(false) if pristine_file.permissions.empty?
13
+ pristine_file.generic_roles.each do |generic_role|
14
+ # we only want the unique generic roles, because the yml file cannot have duplicates
15
+ has_role = false
16
+ roles.each do |role|
17
+ if role.name == generic_role.name
18
+ has_role = true
19
+ end
20
+ end
21
+ roles.push(generic_role) unless has_role
22
+ end
23
+ end
24
+ create_fixtures_file(roles, fixtures_file_name)
25
+ end
26
+
27
+ # creates a yml file containing all cbac_permissions from the specified pristine file objects
28
+ def create_permissions_fixtures_file(pristine_files, fixtures_file_name)
29
+ permissions = []
30
+
31
+ pristine_files.each do |pristine_file|
32
+ pristine_file.parse(false) if pristine_file.permissions.empty?
33
+ pristine_file.permission_set.each do |line|
34
+ permissions.push(line)
35
+ end
36
+ end
37
+ create_fixtures_file(permissions, fixtures_file_name)
38
+ end
39
+
40
+ # turns the fixtures into yml and writes them to a file with specified name.
41
+ def create_fixtures_file(fixtures, fixtures_file_name)
42
+ File.delete(fixtures_file_name) if File.exists?(fixtures_file_name)
43
+ f = File.new(fixtures_file_name, "w")
44
+ flock(f, File::LOCK_EX) do |f|
45
+ fixtures.each_with_index do |fixture, index|
46
+ f.write(fixture.to_yml_fixture(index + 1))
47
+ end
48
+ end
49
+ end
50
+
51
+ # set all cbac permissions and generic roles to the state in the specified pristine file objects
52
+ def set_pristine_state(pristine_files, clear_tables)
53
+ clear_cbac_tables if clear_tables
54
+ pristine_files.each do |pristine_file|
55
+ pristine_file.parse if pristine_file.permissions.empty?
56
+ pristine_file.permissions.each do |permission|
57
+ permission.accept
58
+ end
59
+ end
60
+ end
61
+
62
+ # stage all unknown cbac_permissions
63
+ def stage_permissions(pristine_files)
64
+
65
+ pristine_files.each do |pristine_file|
66
+ pristine_file.parse(true) if pristine_file.permissions.empty?
67
+ pristine_file.permissions.each do |permission|
68
+ permission.stage
69
+ end
70
+ end
71
+ end
72
+
73
+ def clear_cbac_tables
74
+ Cbac::GenericRole.delete_all
75
+ Cbac::Membership.delete_all
76
+ Cbac::Permission.delete_all
77
+ Cbac::KnownPermission.delete_all
78
+ Cbac::CbacPristine::PristineFile.delete_all
79
+ Cbac::CbacPristine::PristinePermission.delete_all
80
+ Cbac::CbacPristine::PristineRole.delete_all
81
+ end
82
+
83
+ def delete_generic_known_permissions
84
+ known_permissions = Cbac::KnownPermission.find(:all, :conditions => {:permission_type => Cbac::KnownPermission.PERMISSION_TYPES[:generic]})
85
+ known_permissions.each { |p| p.destroy }
86
+ end
87
+
88
+ def delete_generic_permissions
89
+ permissions = Cbac::Permission.find(:all, :conditions => {:context_role => nil})
90
+ # for backwards compatibility, generic_role name was administrators instead of administrator
91
+ # SMELL: administrator role *only* identified by name
92
+ (permissions.select { |perm| perm.generic_role.name != "administrator" and perm.generic_role.name != "administrators" }).each { |p| p.destroy }
93
+ end
94
+
95
+ def delete_non_generic_staged_permissions
96
+ PristinePermission.delete_non_generic_permissions
97
+ end
98
+
99
+ def delete_generic_staged_permissions
100
+ PristinePermission.delete_generic_permissions
101
+ end
102
+
103
+ def database_contains_cbac_data?
104
+ (Cbac::GenericRole.count != 0 or Cbac::Membership.count != 0 or Cbac::Permission.count != 0 or Cbac::KnownPermission.count != 0 or Cbac::CbacPristine::PristinePermission.count != 0 or Cbac::CbacPristine::PristineRole.count != 0)
105
+ end
106
+
107
+ def find_or_create_generic_pristine_file(file_name)
108
+ pristine_file = GenericPristineFile.find_by_file_name(file_name)
109
+ pristine_file.present? ? pristine_file : GenericPristineFile.create(:file_name => file_name)
110
+ end
111
+
112
+ def find_or_create_pristine_file(file_name)
113
+ pristine_file = PristineFile.find_by_file_name(file_name)
114
+ pristine_file.present? ? pristine_file : PristineFile.create(:file_name => file_name)
115
+ end
116
+
117
+ def number_of_generic_staged_permissions
118
+ PristinePermission.count_generic_permissions
119
+ end
120
+
121
+ def number_of_non_generic_staged_permissions
122
+ PristinePermission.count_non_generic_permissions
123
+ end
124
+
125
+ def flock(file, mode)
126
+ success = file.flock(mode)
127
+ if success
128
+ begin
129
+ yield file
130
+ ensure
131
+ file.flock(File::LOCK_UN)
132
+ end
133
+ end
134
+ return success
135
+ end
136
+
137
+ end
138
+ end
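Review bot: `database_contains_cbac_data?` still leaves out the pristine-file table even though `clear_cbac_tables` in this same hunk now wipes `Cbac::CbacPristine::PristineFile`, so a database holding only pristine-file rows would be reported as empty; adding `or Cbac::CbacPristine::PristineFile.count != 0` to the chain keeps the two methods in step. The new `find_or_create_generic_pristine_file` and `find_or_create_pristine_file` return the result of `create` unchecked, which in ActiveRecord is an unsaved object when validation fails; `create!` would surface the failure instead of handing callers a record that was never persisted. The lookup followed by the create is not atomic either, so two concurrent runs could presumably insert the same `file_name` twice unless the migration adds a unique index, which is not visible here. The file header for this hunk is missing on the page; going by the +138 -135 counts in the file list it appears to be data/lib/cbac/cbac_pristine/pristine.rb.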