cbac 0.6.1 → 0.6.2
- data/Manifest +70 -74
- data/README.rdoc +51 -51
- data/Rakefile +39 -39
- data/cbac.gemspec +30 -31
- data/config/cbac/context_roles.rb +21 -21
- data/config/cbac/privileges.rb +50 -50
- data/context_roles.rb +21 -21
- data/init.rb +3 -3
- data/lib/cbac.rb +132 -132
- data/lib/cbac/cbac_pristine/pristine.rb +138 -135
- data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
- data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
- data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
- data/lib/cbac/config.rb +9 -9
- data/lib/cbac/context_role.rb +27 -27
- data/lib/cbac/generic_role.rb +5 -5
- data/lib/cbac/known_permission.rb +14 -14
- data/lib/cbac/membership.rb +3 -3
- data/lib/cbac/permission.rb +5 -5
- data/lib/cbac/privilege.rb +117 -117
- data/lib/cbac/privilege_new_api.rb +56 -56
- data/lib/cbac/privilege_set.rb +29 -29
- data/lib/cbac/privilege_set_record.rb +6 -6
- data/lib/cbac/setup.rb +37 -37
- data/lib/generators/cbac/USAGE +33 -33
- data/lib/generators/cbac/cbac_generator.rb +75 -75
- data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
- data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
- data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
- data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
- data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
- data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
- data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
- data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
- data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
- data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
- data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
- data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
- data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
- data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
- data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
- data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
- data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
- data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
- data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
- data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
- data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
- data/privileges.rb +50 -50
- data/spec/cbac_pristine_file_spec.rb +329 -329
- data/spec/cbac_pristine_permission_spec.rb +358 -358
- data/spec/cbac_pristine_role_spec.rb +85 -85
- data/spec/rcov.opts +1 -1
- data/spec/spec.opts +4 -4
- data/spec/spec_helper.rb +11 -11
- data/tasks/cbac.rake +345 -345
- data/test/fixtures/cbac_generic_roles.yml +9 -9
- data/test/fixtures/cbac_memberships.yml +8 -8
- data/test/fixtures/cbac_permissions.yml +14 -14
- data/test/fixtures/cbac_privilege_set.yml +18 -18
- data/test/test_cbac_actions.rb +71 -71
- data/test/test_cbac_authorize_context_roles.rb +39 -39
- data/test/test_cbac_authorize_generic_roles.rb +36 -36
- data/test/test_cbac_context_role.rb +50 -50
- data/test/test_cbac_privilege.rb +151 -151
- data/test/test_cbac_privilege_set.rb +50 -50
- data/test/test_helper.rb +28 -28
- metadata +14 -15
- data/nbproject/private/private.properties +0 -3
- data/nbproject/private/private.xml +0 -4
- data/nbproject/private/rake-d.txt +0 -0
- data/nbproject/project.properties +0 -9
- data/nbproject/project.xml +0 -16
@@ -1,42 +1,42 @@
|
|
1
|
-
require 'active_record'
|
2
|
-
module Cbac
|
3
|
-
module CbacPristine
|
4
|
-
class PristineRole < ActiveRecord::Base
|
5
|
-
set_table_name "cbac_staged_roles"
|
6
|
-
|
7
|
-
def self.ROLE_TYPES
|
8
|
-
{:context => "context", :generic => "generic", :admin => "administrator"}
|
9
|
-
end
|
10
|
-
|
11
|
-
|
12
|
-
#convert this cbac role to a yml statement which can be used to create a yml fixtures file
|
13
|
-
#executing this statement will result in one cbac_generic_role in the DB
|
14
|
-
def to_yml_fixture(fixture_id = nil)
|
15
|
-
fixture_id = role_id if fixture_id.nil?
|
16
|
-
|
17
|
-
return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
|
18
|
-
raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
|
19
|
-
|
20
|
-
yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
|
21
|
-
yml << " id: " << fixture_id.to_s << "\n"
|
22
|
-
yml << " name: " << name << "\n"
|
23
|
-
yml << " created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
|
24
|
-
yml << " updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
|
25
|
-
yml << "\n"
|
26
|
-
end
|
27
|
-
|
28
|
-
def known_permission_type
|
29
|
-
# NOTE: known permissions use different type definitions than pristine roles.
|
30
|
-
# They only use the file type to determine if it is a generic or context role.
|
31
|
-
# Context roles include the admin role (same file) while pristine roles use a different type
|
32
|
-
role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
|
33
|
-
end
|
34
|
-
|
35
|
-
def self.admin_role(use_db = true)
|
36
|
-
admin_role = use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
|
37
|
-
|
38
|
-
admin_role.nil? ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
|
39
|
-
end
|
40
|
-
end
|
41
|
-
end
|
1
|
+
require 'active_record'
|
2
|
+
module Cbac
|
3
|
+
module CbacPristine
|
4
|
+
class PristineRole < ActiveRecord::Base
|
5
|
+
set_table_name "cbac_staged_roles"
|
6
|
+
|
7
|
+
def self.ROLE_TYPES
|
8
|
+
{:context => "context", :generic => "generic", :admin => "administrator"}
|
9
|
+
end
|
10
|
+
|
11
|
+
|
12
|
+
#convert this cbac role to a yml statement which can be used to create a yml fixtures file
|
13
|
+
#executing this statement will result in one cbac_generic_role in the DB
|
14
|
+
def to_yml_fixture(fixture_id = nil)
|
15
|
+
fixture_id = role_id if fixture_id.nil?
|
16
|
+
|
17
|
+
return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
|
18
|
+
raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
|
19
|
+
|
20
|
+
yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
|
21
|
+
yml << " id: " << fixture_id.to_s << "\n"
|
22
|
+
yml << " name: " << name << "\n"
|
23
|
+
yml << " created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
|
24
|
+
yml << " updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
|
25
|
+
yml << "\n"
|
26
|
+
end
|
27
|
+
|
28
|
+
def known_permission_type
|
29
|
+
# NOTE: known permissions use different type definitions than pristine roles.
|
30
|
+
# They only use the file type to determine if it is a generic or context role.
|
31
|
+
# Context roles include the admin role (same file) while pristine roles use a different type
|
32
|
+
role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
|
33
|
+
end
|
34
|
+
|
35
|
+
def self.admin_role(use_db = true)
|
36
|
+
admin_role = use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
|
37
|
+
|
38
|
+
admin_role.nil? ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
|
39
|
+
end
|
40
|
+
end
|
41
|
+
end
|
42
42
|
end
|
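--- a/data/lib/cbac/config.rb
+++ b/data/lib/cbac/config.rb
@@ -1,10 +1,10 @@
-module Cbac
-# Class containing configuration options for the Cbac system. The following
-# configuration options are supported: verbose. Determines whether or not to
-# output results to the console. All outputs are processed as puts commands.
-class Config
-class << self
-attr_accessor :verbose
-end
-end
+module Cbac
+# Class containing configuration options for the Cbac system. The following
+# configuration options are supported: verbose. Determines whether or not to
+# output results to the console. All outputs are processed as puts commands.
+class Config
+class << self
+attr_accessor :verbose
+end
+end
 end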
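--- a/data/lib/cbac/context_role.rb
+++ b/data/lib/cbac/context_role.rb
@@ -1,27 +1,27 @@
-# ContextRole is the class containing the context role definitions
-#
-# Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
-class ContextRole
-class << self
-# Hash containing all the context roles. Keys are the role names Values are
-# the Ruby eval strings Eval strings must result in true or false
-attr_reader :roles
-
-# Adds a context role to the list of context roles. @symbol defines the name
-# of the context role @context_rule defines the ruby code to be evaluated
-# when determining role membership
-#
-# If the context role already exists, an exception is thrown.
-def add(symbol, context_rule = "", &block)
-symbol = symbol.to_sym
-@roles = Hash.new if @roles.nil?
-raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
-# TODO following code
-#raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
-# TODO context parameter in block statement is not explicitly tested
-block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
-@roles[symbol] = block
-end
-end
-end
-
+# ContextRole is the class containing the context role definitions
+#
+# Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
+class ContextRole
+class << self
+# Hash containing all the context roles. Keys are the role names Values are
+# the Ruby eval strings Eval strings must result in true or false
+attr_reader :roles
+
+# Adds a context role to the list of context roles. @symbol defines the name
+# of the context role @context_rule defines the ruby code to be evaluated
+# when determining role membership
+#
+# If the context role already exists, an exception is thrown.
+def add(symbol, context_rule = "", &block)
+symbol = symbol.to_sym
+@roles = Hash.new if @roles.nil?
+raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
+# TODO following code
+#raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
+# TODO context parameter in block statement is not explicitly tested
+block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
+@roles[symbol] = block
+end
+end
+end
+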
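--- a/data/lib/cbac/generic_role.rb
+++ b/data/lib/cbac/generic_role.rb
@@ -1,6 +1,6 @@
-class Cbac::GenericRole < ActiveRecord::Base
-set_table_name "cbac_generic_roles"
-
-has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
-has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
+class Cbac::GenericRole < ActiveRecord::Base
+set_table_name "cbac_generic_roles"
+
+has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
+has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
 end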
@@ -1,14 +1,14 @@
|
|
1
|
-
class Cbac::KnownPermission < ActiveRecord::Base
|
2
|
-
set_table_name "cbac_known_permissions"
|
3
|
-
|
4
|
-
cattr_accessor :PERMISSION_TYPES
|
5
|
-
@@PERMISSION_TYPES = {:context => 0, :generic => 1}
|
6
|
-
|
7
|
-
def self.find_context_permissions(conditions = {})
|
8
|
-
all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
|
9
|
-
end
|
10
|
-
|
11
|
-
def self.find_generic_permissions(conditions = {})
|
12
|
-
all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
|
13
|
-
end
|
14
|
-
end
|
1
|
+
class Cbac::KnownPermission < ActiveRecord::Base
|
2
|
+
set_table_name "cbac_known_permissions"
|
3
|
+
|
4
|
+
cattr_accessor :PERMISSION_TYPES
|
5
|
+
@@PERMISSION_TYPES = {:context => 0, :generic => 1}
|
6
|
+
|
7
|
+
def self.find_context_permissions(conditions = {})
|
8
|
+
all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
|
9
|
+
end
|
10
|
+
|
11
|
+
def self.find_generic_permissions(conditions = {})
|
12
|
+
all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
|
13
|
+
end
|
14
|
+
end
|
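--- a/data/lib/cbac/membership.rb
+++ b/data/lib/cbac/membership.rb
@@ -1,4 +1,4 @@
-class Cbac::Membership < ActiveRecord::Base
-set_table_name "cbac_memberships"
-belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
+class Cbac::Membership < ActiveRecord::Base
+set_table_name "cbac_memberships"
+belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
 end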
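--- a/data/lib/cbac/permission.rb
+++ b/data/lib/cbac/permission.rb
@@ -1,6 +1,6 @@
-class Cbac::Permission < ActiveRecord::Base
-set_table_name "cbac_permissions"
-
-belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
-belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
+class Cbac::Permission < ActiveRecord::Base
+set_table_name "cbac_permissions"
+
+belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
+belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
 end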
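--- a/data/lib/cbac/privilege.rb
+++ b/data/lib/cbac/privilege.rb
@@ -1,117 +1,117 @@
-# Class containing all the privileges
-#
-# To define a new controller method resource: Privilege.resource :privilegeset,
-# "controller/method"
-#
-class Privilege
-class << self
-attr_reader :get_resources, :post_resources, :model_attributes, :models
-
-# The includes hash contains references to inheritence. The key points to the
-# base class, the value is an array of children.
-#
-# Example:
-# If Child inherits from Parent, then the structure would be:
-# includes[:Parent] = [:Child]
-attr_reader :includes
-
-# Links a resource with a PrivilegeSet
-#
-# An ArgumentError exception is thrown if the PrivilegeSet does not exist.
-# To create PrivilegeSets, use the PrivilegeSet.add method
-def resource(privilege_set, method, action="GET")
-privilege_set = privilege_set.to_sym
-@get_resources = Hash.new if @get_resources.nil?
-@post_resources = Hash.new if @post_resources.nil?
-action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
-raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
-action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
-raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
-case action_option[0]
-when "GET"
-(@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
-(@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
-when "POST"
-(@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
-(@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
-else
-raise "CBAC: This should never happen (incorrect HTTP action)"
-end
-end
-
-# Make a privilege set dependant on other privilege set(s).
-#
-# Usage:
-# Privilege.include :child_set, :base_set
-# Privilege.include :child_set, [:base_set_1, :base_set_2]
-#
-# An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
-def include(privilege_set, included_privilege_set)
-@includes = Hash.new if @includes.nil?
-child_set = privilege_set.to_sym
-raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
-included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
-included_privilege_set.each do |base_set|
-# Check for existence of PrivilegeSet
-raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
-# Adds the references
-(@includes[base_set.to_sym] ||= Array.new) << child_set
-# Copies existing resources
-@get_resources.each do |method, privilege_sets|
-resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
-end
-@post_resources.each do |method, privilege_sets|
-resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
-end
-end
-end
-
-
-def model_attribute
-
-end
-def model
-
-end
-
-# Finds the privilege sets associated with the given controller_method and
-# action_type Valid values for action_type are "get", "post" and "put".
-# "put" is converted into "post".
-#
-# Usage:
-# Privilege.select "my_controller/action", :get
-#
-# Returns an array of PrivilegeSet objects
-#
-# If incorrect values are given for action_type the method will raise an
-# ArgumentError. If the controller and action name are not found, an
-# exception is being raised.
-def select(controller_method, action_type)
-action_type = action_type.to_s
-post_methods = ["post", "put", "delete"]
-if action_type == "get"
-privilege_sets = Privilege.get_resources[controller_method]
-else if post_methods.include?(action_type)
-privilege_sets = Privilege.post_resources[controller_method]
-else
-raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
-end
-end
-# Error handling if no privilege_sets were found
-if privilege_sets.nil?
-if action_type == "get"
-if !Privilege.post_resources[controller_method].nil?
-raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
-end
-else
-if !Privilege.get_resources[controller_method].nil?
-raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
-end
-end
-raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
-"Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
-end
-privilege_sets
-end
-end
-end
+# Class containing all the privileges
+#
+# To define a new controller method resource: Privilege.resource :privilegeset,
+# "controller/method"
+#
+class Privilege
+class << self
+attr_reader :get_resources, :post_resources, :model_attributes, :models
+
+# The includes hash contains references to inheritence. The key points to the
+# base class, the value is an array of children.
+#
+# Example:
+# If Child inherits from Parent, then the structure would be:
+# includes[:Parent] = [:Child]
+attr_reader :includes
+
+# Links a resource with a PrivilegeSet
+#
+# An ArgumentError exception is thrown if the PrivilegeSet does not exist.
+# To create PrivilegeSets, use the PrivilegeSet.add method
+def resource(privilege_set, method, action="GET")
+privilege_set = privilege_set.to_sym
+@get_resources = Hash.new if @get_resources.nil?
+@post_resources = Hash.new if @post_resources.nil?
+action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
+raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
+action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
+raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
+case action_option[0]
+when "GET"
+(@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
+(@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
+when "POST"
+(@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
+(@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
+else
+raise "CBAC: This should never happen (incorrect HTTP action)"
+end
+end
+
+# Make a privilege set dependant on other privilege set(s).
+#
+# Usage:
+# Privilege.include :child_set, :base_set
+# Privilege.include :child_set, [:base_set_1, :base_set_2]
+#
+# An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
+def include(privilege_set, included_privilege_set)
+@includes = Hash.new if @includes.nil?
+child_set = privilege_set.to_sym
+raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
+included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
+included_privilege_set.each do |base_set|
+# Check for existence of PrivilegeSet
+raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
+# Adds the references
+(@includes[base_set.to_sym] ||= Array.new) << child_set
+# Copies existing resources
+@get_resources.each do |method, privilege_sets|
+resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
+end
+@post_resources.each do |method, privilege_sets|
+resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
+end
+end
+end
+
+
+def model_attribute
+
+end
+def model
+
+end
+
+# Finds the privilege sets associated with the given controller_method and
+# action_type Valid values for action_type are "get", "post" and "put".
+# "put" is converted into "post".
+#
+# Usage:
+# Privilege.select "my_controller/action", :get
+#
+# Returns an array of PrivilegeSet objects
+#
+# If incorrect values are given for action_type the method will raise an
+# ArgumentError. If the controller and action name are not found, an
+# exception is being raised.
+def select(controller_method, action_type)
+action_type = action_type.to_s
+post_methods = ["post", "put", "delete"]
+if action_type == "get"
+privilege_sets = Privilege.get_resources[controller_method]
+else if post_methods.include?(action_type)
+privilege_sets = Privilege.post_resources[controller_method]
+else
+raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
+end
+end
+# Error handling if no privilege_sets were found
+if privilege_sets.nil?
+if action_type == "get"
+if !Privilege.post_resources[controller_method].nil?
+raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
+end
+else
+if !Privilege.get_resources[controller_method].nil?
+raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
+end
+end
+raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
+"Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
+end
+privilege_sets
+end
+end
+end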