cbac 0.6.1 → 0.6.2

Files changed (75)
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
@@ -1,42 +1,42 @@
1
- require 'active_record'
2
- module Cbac
3
- module CbacPristine
4
- class PristineRole < ActiveRecord::Base
5
- set_table_name "cbac_staged_roles"
6
-
7
- def self.ROLE_TYPES
8
- {:context => "context", :generic => "generic", :admin => "administrator"}
9
- end
10
-
11
-
12
- #convert this cbac role to a yml statement which can be used to create a yml fixtures file
13
- #executing this statement will result in one cbac_generic_role in the DB
14
- def to_yml_fixture(fixture_id = nil)
15
- fixture_id = role_id if fixture_id.nil?
16
-
17
- return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
18
- raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
19
-
20
- yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
21
- yml << " id: " << fixture_id.to_s << "\n"
22
- yml << " name: " << name << "\n"
23
- yml << " created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
24
- yml << " updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
25
- yml << "\n"
26
- end
27
-
28
- def known_permission_type
29
- # NOTE: known permissions use different type definitions than pristine roles.
30
- # They only use the file type to determine if it is a generic or context role.
31
- # Context roles include the admin role (same file) while pristine roles use a different type
32
- role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
33
- end
34
-
35
- def self.admin_role(use_db = true)
36
- admin_role = use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
37
-
38
- admin_role.nil? ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
39
- end
40
- end
41
- end
1
+ require 'active_record'
2
+ module Cbac
3
+ module CbacPristine
4
+ class PristineRole < ActiveRecord::Base
5
+ set_table_name "cbac_staged_roles"
6
+
7
+ def self.ROLE_TYPES
8
+ {:context => "context", :generic => "generic", :admin => "administrator"}
9
+ end
10
+
11
+
12
+ #convert this cbac role to a yml statement which can be used to create a yml fixtures file
13
+ #executing this statement will result in one cbac_generic_role in the DB
14
+ def to_yml_fixture(fixture_id = nil)
15
+ fixture_id = role_id if fixture_id.nil?
16
+
17
+ return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
18
+ raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
19
+
20
+ yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
21
+ yml << " id: " << fixture_id.to_s << "\n"
22
+ yml << " name: " << name << "\n"
23
+ yml << " created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
24
+ yml << " updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
25
+ yml << "\n"
26
+ end
27
+
28
+ def known_permission_type
29
+ # NOTE: known permissions use different type definitions than pristine roles.
30
+ # They only use the file type to determine if it is a generic or context role.
31
+ # Context roles include the admin role (same file) while pristine roles use a different type
32
+ role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
33
+ end
34
+
35
+ def self.admin_role(use_db = true)
36
+ admin_role = use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
37
+
38
+ admin_role.nil? ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
39
+ end
40
+ end
41
+ end
42
42
  end
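Review bot: In `to_yml_fixture`, the line `yml << " name: " << name << "\n"` writes the role name into the fixture unquoted, so a name containing a colon, `#`, a leading quote or a line break produces a broken fixture or extra keys when the file is loaded. The value comes from the `cbac_staged_roles` row, and the method checks nothing about it beyond `name.blank?`. Emitting it as a quoted scalar closes that gap, e.g. `yml << " name: " << name.to_json << "\n"` (a JSON string is accepted as a double-quoted YAML scalar; this assumes `to_json` is available on String in this environment), or the entry can be built as a hash and serialised with `to_yaml`. The two separate `Time.now` calls can also straddle a second boundary; taking one timestamp and reusing it keeps `created_at` and `updated_at` equal.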
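--- a/data/lib/cbac/config.rb
+++ b/data/lib/cbac/config.rb
@@ -1,10 +1,10 @@
- module Cbac
- # Class containing configuration options for the Cbac system. The following
- # configuration options are supported: verbose. Determines whether or not to
- # output results to the console. All outputs are processed as puts commands.
- class Config
- class << self
- attr_accessor :verbose
- end
- end
+ module Cbac
+ # Class containing configuration options for the Cbac system. The following
+ # configuration options are supported: verbose. Determines whether or not to
+ # output results to the console. All outputs are processed as puts commands.
+ class Config
+ class << self
+ attr_accessor :verbose
+ end
+ end
  end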
@@ -1,27 +1,27 @@
1
- # ContextRole is the class containing the context role definitions
2
- #
3
- # Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
4
- class ContextRole
5
- class << self
6
- # Hash containing all the context roles. Keys are the role names Values are
7
- # the Ruby eval strings Eval strings must result in true or false
8
- attr_reader :roles
9
-
10
- # Adds a context role to the list of context roles. @symbol defines the name
11
- # of the context role @context_rule defines the ruby code to be evaluated
12
- # when determining role membership
13
- #
14
- # If the context role already exists, an exception is thrown.
15
- def add(symbol, context_rule = "", &block)
16
- symbol = symbol.to_sym
17
- @roles = Hash.new if @roles.nil?
18
- raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
19
- # TODO following code
20
- #raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
21
- # TODO context parameter in block statement is not explicitly tested
22
- block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
23
- @roles[symbol] = block
24
- end
25
- end
26
- end
27
-
1
+ # ContextRole is the class containing the context role definitions
2
+ #
3
+ # Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
4
+ class ContextRole
5
+ class << self
6
+ # Hash containing all the context roles. Keys are the role names Values are
7
+ # the Ruby eval strings Eval strings must result in true or false
8
+ attr_reader :roles
9
+
10
+ # Adds a context role to the list of context roles. @symbol defines the name
11
+ # of the context role @context_rule defines the ruby code to be evaluated
12
+ # when determining role membership
13
+ #
14
+ # If the context role already exists, an exception is thrown.
15
+ def add(symbol, context_rule = "", &block)
16
+ symbol = symbol.to_sym
17
+ @roles = Hash.new if @roles.nil?
18
+ raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
19
+ # TODO following code
20
+ #raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
21
+ # TODO context parameter in block statement is not explicitly tested
22
+ block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
23
+ @roles[symbol] = block
24
+ end
25
+ end
26
+ end
27
+
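Review bot: `ContextRole.add` turns the `context_rule` string into code with `eval("Proc.new {|context| " + context_rule + "}")`, so whatever text reaches this parameter runs with the full privileges of the application process. The comments above `add` should state that rules must be literals written by the developer in the context-roles config file and never values read from a database, a pristine file or a request; the block form already present in the signature avoids `eval` altogether and is the safer form to document as the default. The default `context_rule = ""` with no block also registers an empty proc that always returns `nil`; whether callers treat that as a denial is not visible here. A guard such as `raise ArgumentError, "CBAC: ContextRole needs a rule string or a block" if block.nil? && context_rule.to_s.strip.empty?` before the `eval` line would surface that mistake at definition time.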
@@ -1,6 +1,6 @@
1
- class Cbac::GenericRole < ActiveRecord::Base
2
- set_table_name "cbac_generic_roles"
3
-
4
- has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
5
- has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
1
+ class Cbac::GenericRole < ActiveRecord::Base
2
+ set_table_name "cbac_generic_roles"
3
+
4
+ has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
5
+ has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
6
6
  end
@@ -1,14 +1,14 @@
1
- class Cbac::KnownPermission < ActiveRecord::Base
2
- set_table_name "cbac_known_permissions"
3
-
4
- cattr_accessor :PERMISSION_TYPES
5
- @@PERMISSION_TYPES = {:context => 0, :generic => 1}
6
-
7
- def self.find_context_permissions(conditions = {})
8
- all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
9
- end
10
-
11
- def self.find_generic_permissions(conditions = {})
12
- all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
13
- end
14
- end
1
+ class Cbac::KnownPermission < ActiveRecord::Base
2
+ set_table_name "cbac_known_permissions"
3
+
4
+ cattr_accessor :PERMISSION_TYPES
5
+ @@PERMISSION_TYPES = {:context => 0, :generic => 1}
6
+
7
+ def self.find_context_permissions(conditions = {})
8
+ all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
9
+ end
10
+
11
+ def self.find_generic_permissions(conditions = {})
12
+ all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
13
+ end
14
+ end
@@ -1,4 +1,4 @@
1
- class Cbac::Membership < ActiveRecord::Base
2
- set_table_name "cbac_memberships"
3
- belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
1
+ class Cbac::Membership < ActiveRecord::Base
2
+ set_table_name "cbac_memberships"
3
+ belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
4
4
  end
@@ -1,6 +1,6 @@
1
- class Cbac::Permission < ActiveRecord::Base
2
- set_table_name "cbac_permissions"
3
-
4
- belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
5
- belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
1
+ class Cbac::Permission < ActiveRecord::Base
2
+ set_table_name "cbac_permissions"
3
+
4
+ belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
5
+ belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
6
6
  end
@@ -1,117 +1,117 @@
1
- # Class containing all the privileges
2
- #
3
- # To define a new controller method resource: Privilege.resource :privilegeset,
4
- # "controller/method"
5
- #
6
- class Privilege
7
- class << self
8
- attr_reader :get_resources, :post_resources, :model_attributes, :models
9
-
10
- # The includes hash contains references to inheritence. The key points to the
11
- # base class, the value is an array of children.
12
- #
13
- # Example:
14
- # If Child inherits from Parent, then the structure would be:
15
- # includes[:Parent] = [:Child]
16
- attr_reader :includes
17
-
18
- # Links a resource with a PrivilegeSet
19
- #
20
- # An ArgumentError exception is thrown if the PrivilegeSet does not exist.
21
- # To create PrivilegeSets, use the PrivilegeSet.add method
22
- def resource(privilege_set, method, action="GET")
23
- privilege_set = privilege_set.to_sym
24
- @get_resources = Hash.new if @get_resources.nil?
25
- @post_resources = Hash.new if @post_resources.nil?
26
- action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
27
- raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
28
- action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
29
- raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
30
- case action_option[0]
31
- when "GET"
32
- (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
33
- (@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
34
- when "POST"
35
- (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
36
- (@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
37
- else
38
- raise "CBAC: This should never happen (incorrect HTTP action)"
39
- end
40
- end
41
-
42
- # Make a privilege set dependant on other privilege set(s).
43
- #
44
- # Usage:
45
- # Privilege.include :child_set, :base_set
46
- # Privilege.include :child_set, [:base_set_1, :base_set_2]
47
- #
48
- # An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
49
- def include(privilege_set, included_privilege_set)
50
- @includes = Hash.new if @includes.nil?
51
- child_set = privilege_set.to_sym
52
- raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
53
- included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
54
- included_privilege_set.each do |base_set|
55
- # Check for existence of PrivilegeSet
56
- raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
57
- # Adds the references
58
- (@includes[base_set.to_sym] ||= Array.new) << child_set
59
- # Copies existing resources
60
- @get_resources.each do |method, privilege_sets|
61
- resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
62
- end
63
- @post_resources.each do |method, privilege_sets|
64
- resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
65
- end
66
- end
67
- end
68
-
69
-
70
- def model_attribute
71
-
72
- end
73
- def model
74
-
75
- end
76
-
77
- # Finds the privilege sets associated with the given controller_method and
78
- # action_type Valid values for action_type are "get", "post" and "put".
79
- # "put" is converted into "post".
80
- #
81
- # Usage:
82
- # Privilege.select "my_controller/action", :get
83
- #
84
- # Returns an array of PrivilegeSet objects
85
- #
86
- # If incorrect values are given for action_type the method will raise an
87
- # ArgumentError. If the controller and action name are not found, an
88
- # exception is being raised.
89
- def select(controller_method, action_type)
90
- action_type = action_type.to_s
91
- post_methods = ["post", "put", "delete"]
92
- if action_type == "get"
93
- privilege_sets = Privilege.get_resources[controller_method]
94
- else if post_methods.include?(action_type)
95
- privilege_sets = Privilege.post_resources[controller_method]
96
- else
97
- raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
98
- end
99
- end
100
- # Error handling if no privilege_sets were found
101
- if privilege_sets.nil?
102
- if action_type == "get"
103
- if !Privilege.post_resources[controller_method].nil?
104
- raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
105
- end
106
- else
107
- if !Privilege.get_resources[controller_method].nil?
108
- raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
109
- end
110
- end
111
- raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
112
- "Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
113
- end
114
- privilege_sets
115
- end
116
- end
117
- end
1
+ # Class containing all the privileges
2
+ #
3
+ # To define a new controller method resource: Privilege.resource :privilegeset,
4
+ # "controller/method"
5
+ #
6
+ class Privilege
7
+ class << self
8
+ attr_reader :get_resources, :post_resources, :model_attributes, :models
9
+
10
+ # The includes hash contains references to inheritence. The key points to the
11
+ # base class, the value is an array of children.
12
+ #
13
+ # Example:
14
+ # If Child inherits from Parent, then the structure would be:
15
+ # includes[:Parent] = [:Child]
16
+ attr_reader :includes
17
+
18
+ # Links a resource with a PrivilegeSet
19
+ #
20
+ # An ArgumentError exception is thrown if the PrivilegeSet does not exist.
21
+ # To create PrivilegeSets, use the PrivilegeSet.add method
22
+ def resource(privilege_set, method, action="GET")
23
+ privilege_set = privilege_set.to_sym
24
+ @get_resources = Hash.new if @get_resources.nil?
25
+ @post_resources = Hash.new if @post_resources.nil?
26
+ action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
27
+ raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
28
+ action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
29
+ raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
30
+ case action_option[0]
31
+ when "GET"
32
+ (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
33
+ (@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
34
+ when "POST"
35
+ (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
36
+ (@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
37
+ else
38
+ raise "CBAC: This should never happen (incorrect HTTP action)"
39
+ end
40
+ end
41
+
42
+ # Make a privilege set dependant on other privilege set(s).
43
+ #
44
+ # Usage:
45
+ # Privilege.include :child_set, :base_set
46
+ # Privilege.include :child_set, [:base_set_1, :base_set_2]
47
+ #
48
+ # An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
49
+ def include(privilege_set, included_privilege_set)
50
+ @includes = Hash.new if @includes.nil?
51
+ child_set = privilege_set.to_sym
52
+ raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
53
+ included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
54
+ included_privilege_set.each do |base_set|
55
+ # Check for existence of PrivilegeSet
56
+ raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
57
+ # Adds the references
58
+ (@includes[base_set.to_sym] ||= Array.new) << child_set
59
+ # Copies existing resources
60
+ @get_resources.each do |method, privilege_sets|
61
+ resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
62
+ end
63
+ @post_resources.each do |method, privilege_sets|
64
+ resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
65
+ end
66
+ end
67
+ end
68
+
69
+
70
+ def model_attribute
71
+
72
+ end
73
+ def model
74
+
75
+ end
76
+
77
+ # Finds the privilege sets associated with the given controller_method and
78
+ # action_type Valid values for action_type are "get", "post" and "put".
79
+ # "put" is converted into "post".
80
+ #
81
+ # Usage:
82
+ # Privilege.select "my_controller/action", :get
83
+ #
84
+ # Returns an array of PrivilegeSet objects
85
+ #
86
+ # If incorrect values are given for action_type the method will raise an
87
+ # ArgumentError. If the controller and action name are not found, an
88
+ # exception is being raised.
89
+ def select(controller_method, action_type)
90
+ action_type = action_type.to_s
91
+ post_methods = ["post", "put", "delete"]
92
+ if action_type == "get"
93
+ privilege_sets = Privilege.get_resources[controller_method]
94
+ else if post_methods.include?(action_type)
95
+ privilege_sets = Privilege.post_resources[controller_method]
96
+ else
97
+ raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
98
+ end
99
+ end
100
+ # Error handling if no privilege_sets were found
101
+ if privilege_sets.nil?
102
+ if action_type == "get"
103
+ if !Privilege.post_resources[controller_method].nil?
104
+ raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
105
+ end
106
+ else
107
+ if !Privilege.get_resources[controller_method].nil?
108
+ raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
109
+ end
110
+ end
111
+ raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
112
+ "Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
113
+ end
114
+ privilege_sets
115
+ end
116
+ end
117
+ end
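Review bot: `Privilege.include` iterates `@get_resources.each` and `@post_resources.each` without initialising them, while `resource` guards both with `Hash.new if ... nil?`; calling `include` before any `resource` therefore fails with a NoMethodError on nil. Adding `@get_resources ||= {}` and `@post_resources ||= {}` at the top of `include` makes the two entry points consistent. In the same method the existence check uses `PrivilegeSet.sets.include?(base_set)` on the raw argument while the next line stores `base_set.to_sym`, so a base set passed as a string appears to be rejected even though `child_set` is normalised; converting once with `base_set = base_set.to_sym` at the start of the loop would align them, assuming `PrivilegeSet.sets` is keyed by symbol as the check in `resource` suggests. The comment on `select` lists "get", "post" and "put" as valid, but the code also accepts "delete", which should be stated since this method decides which privilege sets guard a request.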