cbac 0.6.1 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (75) hide show
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
@@ -1,2 +1,2 @@
1
- 0:+:PrivilegeSet(login) ContextRole(everybody)
2
- 1:+:PrivilegeSet(cbac_administration) Admin()
1
+ 0:+:PrivilegeSet(login) ContextRole(everybody)
2
+ 1:+:PrivilegeSet(cbac_administration) Admin()
@@ -1,17 +1,17 @@
1
- ### context_roles.rb
2
- #
3
- # Defines the context roles for the CBAC system
4
- #
5
- include Cbac
6
- puts "Loading context_roles"
7
-
8
- # Defining context roles
9
- ContextRole.add :everybody do
10
- true
11
- end
12
- ContextRole.add :not_logged_in_user do |context|
13
- context.current_user.nil?
14
- end
15
- ContextRole.add :logged_in_user do |context|
16
- not context.current_user.nil?
17
- end
1
+ ### context_roles.rb
2
+ #
3
+ # Defines the context roles for the CBAC system
4
+ #
5
+ include Cbac
6
+ puts "Loading context_roles"
7
+
8
+ # Defining context roles
9
+ ContextRole.add :everybody do
10
+ true
11
+ end
12
+ ContextRole.add :not_logged_in_user do |context|
13
+ context.current_user.nil?
14
+ end
15
+ ContextRole.add :logged_in_user do |context|
16
+ not context.current_user.nil?
17
+ end
@@ -1,25 +1,25 @@
1
- ### Privileges.rb
2
- #
3
- # Defines the privilegesets and privileges for the CBAC system
4
- #
5
- include Cbac
6
- puts "Loading privilegesets"
7
-
8
- cbac do
9
- set :public, "Stuff that is always accessible" do
10
- # Insert public conroller/methods here
11
- end
12
-
13
- set :cbac_administration, "Allows administration of CBAC modules" do
14
- in_module :cbac do
15
- get "permissions", :index
16
- post "permissions", :create
17
- get "memberships", :index
18
- post "memberships", :create
19
- get "generic_roles", :index
20
- post "generic_roles", :update, :create, :delete
21
- get "upgrade", :index
22
- post "upgrade", :update
23
- end
24
- end
25
- end
1
+ ### Privileges.rb
2
+ #
3
+ # Defines the privilegesets and privileges for the CBAC system
4
+ #
5
+ include Cbac
6
+ puts "Loading privilegesets"
7
+
8
+ cbac do
9
+ set :public, "Stuff that is always accessible" do
10
+ # Insert public conroller/methods here
11
+ end
12
+
13
+ set :cbac_administration, "Allows administration of CBAC modules" do
14
+ in_module :cbac do
15
+ get "permissions", :index
16
+ post "permissions", :create
17
+ get "memberships", :index
18
+ post "memberships", :create
19
+ get "generic_roles", :index
20
+ post "generic_roles", :update, :create, :delete
21
+ get "upgrade", :index
22
+ post "upgrade", :update
23
+ end
24
+ end
25
+ end
@@ -1,30 +1,30 @@
1
- class Cbac::GenericRolesController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index
6
- # GET /index.xml
7
- def index
8
- end
9
-
10
- # POST /update
11
- def update
12
- @role = Cbac::GenericRole.find(params[:id])
13
- @role.update_attributes(params[:cbac_generic_role])
14
- redirect_to :action => "index"
15
- end
16
-
17
- # POST /create
18
- def create
19
- @role = Cbac::GenericRole.new(params[:cbac_generic_role])
20
- @role.save
21
- redirect_to :action => "index"
22
- end
23
-
24
- # POST /delete
25
- def delete
26
- @role = Cbac::GenericRole.find(params[:id])
27
- @role.delete
28
- redirect_to :action => "index"
29
- end
30
- end
1
+ class Cbac::GenericRolesController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index
6
+ # GET /index.xml
7
+ def index
8
+ end
9
+
10
+ # POST /update
11
+ def update
12
+ @role = Cbac::GenericRole.find(params[:id])
13
+ @role.update_attributes(params[:cbac_generic_role])
14
+ redirect_to :action => "index"
15
+ end
16
+
17
+ # POST /create
18
+ def create
19
+ @role = Cbac::GenericRole.new(params[:cbac_generic_role])
20
+ @role.save
21
+ redirect_to :action => "index"
22
+ end
23
+
24
+ # POST /delete
25
+ def delete
26
+ @role = Cbac::GenericRole.find(params[:id])
27
+ @role.delete
28
+ redirect_to :action => "index"
29
+ end
30
+ end
@@ -1,22 +1,22 @@
1
- class Cbac::MembershipsController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index
6
- # GET /index.xml
7
- def index
8
- @generic_roles = Cbac::GenericRole.find(:all)
9
- @users = User.find(:all)
10
- end
11
-
12
- # POST /update
13
- def update
14
- Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", params[:generic_role_id], params[:user_id]]).each{|p|p.delete}
15
- if params[:member].to_s == "1"
16
- Cbac::Membership.create(:generic_role_id => params[:generic_role_id], :user_id => params[:user_id])
17
- end
18
- role = Cbac::GenericRole.find(params[:generic_role_id])
19
- render :partial => "cbac/memberships/update.html", :locals => {:generic_role => role,
20
- :user_id => params[:user_id], :update_partial => true}
21
- end
22
- end
1
+ class Cbac::MembershipsController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index
6
+ # GET /index.xml
7
+ def index
8
+ @generic_roles = Cbac::GenericRole.find(:all)
9
+ @users = User.find(:all)
10
+ end
11
+
12
+ # POST /update
13
+ def update
14
+ Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", params[:generic_role_id], params[:user_id]]).each{|p|p.delete}
15
+ if params[:member].to_s == "1"
16
+ Cbac::Membership.create(:generic_role_id => params[:generic_role_id], :user_id => params[:user_id])
17
+ end
18
+ role = Cbac::GenericRole.find(params[:generic_role_id])
19
+ render :partial => "cbac/memberships/update.html", :locals => {:generic_role => role,
20
+ :user_id => params[:user_id], :update_partial => true}
21
+ end
22
+ end
@@ -1,61 +1,61 @@
1
- class Cbac::PermissionsController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index GET /index.xml
6
- def index
7
- if params[:role_substr] and params[:role_substr] != ""
8
- @context_roles = []
9
- @generic_roles = []
10
-
11
- params[:role_substr].split('|').each do |role_start|
12
- @context_roles += (ContextRole.roles.select {|key,value| !key.to_s.match(/^#{role_start}/).nil?}).collect{|key, value| [key, value]}
13
- @generic_roles += Cbac::GenericRole.find(:all).select {|role| !role.name.match(/^#{role_start}/).nil? }
14
- end
15
- else
16
- @context_roles = ContextRole.roles
17
- @generic_roles = Cbac::GenericRole.all
18
- end
19
-
20
- if params[:priv_substr] && params[:priv_substr] != ""
21
- @sets = []
22
- params[:priv_substr].split('|').each do |priv_start|
23
- @sets += PrivilegeSet.sets.select {|key, value| !key.to_s.match(/^#{priv_start}/).nil?}
24
- end
25
- else
26
- @sets = PrivilegeSet.sets
27
- end
28
- end
29
-
30
- def update
31
- unless params[:context_role].nil?
32
- update_context_role
33
- return
34
- end
35
- unless params[:generic_role_id].nil?
36
- update_generic_role
37
- end
38
- end
39
-
40
- private
41
-
42
- # POST /update
43
- def update_context_role
44
- Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", params[:context_role], params[:privilege_set_id]]).each{|p|p.delete}
45
- if params[:permission].to_s == "1"
46
- Cbac::Permission.create(:context_role => params[:context_role], :privilege_set_id => params[:privilege_set_id])
47
- end
48
- render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => params[:context_role],
49
- :set_id => params[:privilege_set_id], :update_partial => true}
50
- end
51
-
52
- def update_generic_role
53
- Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", params[:generic_role_id], params[:privilege_set_id]]).each{|p|p.delete}
54
- if params[:permission].to_s == "1"
55
- Cbac::Permission.create(:generic_role_id => params[:generic_role_id], :privilege_set_id => params[:privilege_set_id])
56
- end
57
- role = Cbac::GenericRole.find(params[:generic_role_id])
58
- render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role =>role,
59
- :set_id => params[:privilege_set_id], :update_partial => true}
60
- end
61
- end
1
+ class Cbac::PermissionsController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index GET /index.xml
6
+ def index
7
+ if params[:role_substr] and params[:role_substr] != ""
8
+ @context_roles = []
9
+ @generic_roles = []
10
+
11
+ params[:role_substr].split('|').each do |role_start|
12
+ @context_roles += (ContextRole.roles.select {|key,value| !key.to_s.match(/^#{role_start}/).nil?}).collect{|key, value| [key, value]}
13
+ @generic_roles += Cbac::GenericRole.find(:all).select {|role| !role.name.match(/^#{role_start}/).nil? }
14
+ end
15
+ else
16
+ @context_roles = ContextRole.roles
17
+ @generic_roles = Cbac::GenericRole.all
18
+ end
19
+
20
+ if params[:priv_substr] && params[:priv_substr] != ""
21
+ @sets = []
22
+ params[:priv_substr].split('|').each do |priv_start|
23
+ @sets += PrivilegeSet.sets.select {|key, value| !key.to_s.match(/^#{priv_start}/).nil?}
24
+ end
25
+ else
26
+ @sets = PrivilegeSet.sets
27
+ end
28
+ end
29
+
30
+ def update
31
+ unless params[:context_role].nil?
32
+ update_context_role
33
+ return
34
+ end
35
+ unless params[:generic_role_id].nil?
36
+ update_generic_role
37
+ end
38
+ end
39
+
40
+ private
41
+
42
+ # POST /update
43
+ def update_context_role
44
+ Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", params[:context_role], params[:privilege_set_id]]).each{|p|p.delete}
45
+ if params[:permission].to_s == "1"
46
+ Cbac::Permission.create(:context_role => params[:context_role], :privilege_set_id => params[:privilege_set_id])
47
+ end
48
+ render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => params[:context_role],
49
+ :set_id => params[:privilege_set_id], :update_partial => true}
50
+ end
51
+
52
+ def update_generic_role
53
+ Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", params[:generic_role_id], params[:privilege_set_id]]).each{|p|p.delete}
54
+ if params[:permission].to_s == "1"
55
+ Cbac::Permission.create(:generic_role_id => params[:generic_role_id], :privilege_set_id => params[:privilege_set_id])
56
+ end
57
+ role = Cbac::GenericRole.find(params[:generic_role_id])
58
+ render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role =>role,
59
+ :set_id => params[:privilege_set_id], :update_partial => true}
60
+ end
61
+ end
@@ -1,24 +1,24 @@
1
- class Cbac::UpgradeController < ApplicationController
2
-
3
- layout 'cbac'
4
-
5
- def index
6
- @permissions = Cbac::CbacPristine::PristinePermission.all
7
- end
8
-
9
- def update
10
-
11
- params[:permissions].each do |perm_array|
12
- next if perm_array[1][:action] == 'leave'
13
- permission = Cbac::CbacPristine::PristinePermission.find(perm_array[1][:id])
14
- case perm_array[1][:action]
15
- when 'accept'
16
- permission.accept
17
- when 'reject'
18
- permission.reject
19
- end
20
- end
21
- redirect_to :action => :index
22
-
23
- end
1
+ class Cbac::UpgradeController < ApplicationController
2
+
3
+ layout 'cbac'
4
+
5
+ def index
6
+ @permissions = Cbac::CbacPristine::PristinePermission.all
7
+ end
8
+
9
+ def update
10
+
11
+ params[:permissions].each do |perm_array|
12
+ next if perm_array[1][:action] == 'leave'
13
+ permission = Cbac::CbacPristine::PristinePermission.find(perm_array[1][:id])
14
+ case perm_array[1][:action]
15
+ when 'accept'
16
+ permission.accept
17
+ when 'reject'
18
+ permission.reject
19
+ end
20
+ end
21
+ redirect_to :action => :index
22
+
23
+ end
24
24
  end
@@ -1,9 +1,9 @@
1
- ###
2
- # Context
3
- ## YAML template for the generic roles
4
-
5
- one:
6
- id: 1
7
- name: administrator
8
- remarks: Administrators role. Grants full access to the entire system.
9
-
1
+ ###
2
+ # Context
3
+ ## YAML template for the generic roles
4
+
5
+ one:
6
+ id: 1
7
+ name: administrator
8
+ remarks: Administrators role. Grants full access to the entire system.
9
+
@@ -1,8 +1,8 @@
1
- ###
2
- # Context
3
- ## YAML template for the memberships
4
-
5
- # Making the first user member of the administrator group
6
- one:
7
- user_id: 1
8
- generic_role_id: 1
1
+ ###
2
+ # Context
3
+ ## YAML template for the memberships
4
+
5
+ # Making the first user member of the administrator group
6
+ one:
7
+ user_id: 1
8
+ generic_role_id: 1
@@ -1,8 +1,8 @@
1
- ###
2
- # Context
3
- ## YAML template for the permissions
4
- <% PrivilegeSet.sets.each do |set| %>
5
- fix_<%= set.id %>:
6
- generic_role_id: 1
7
- privilege_set_id: <%= set.id %>
8
- <% end %>
1
+ ###
2
+ # Context
3
+ ## YAML template for the permissions
4
+ <% PrivilegeSet.sets.each do |set| %>
5
+ fix_<%= set.id %>:
6
+ generic_role_id: 1
7
+ privilege_set_id: <%= set.id %>
8
+ <% end %>
@@ -1,4 +1,4 @@
1
- puts "Initializing CBAC..."
2
- include Cbac
3
- Cbac::cbac_boot!
4
- puts "CBAC initialized"
1
+ puts "Initializing CBAC..."
2
+ include Cbac
3
+ Cbac::cbac_boot!
4
+ puts "CBAC initialized"
@@ -1,59 +1,59 @@
1
- class CreateCbacFromScratch < ActiveRecord::Migration
2
- def self.up
3
- create_table :cbac_permissions do |t|
4
- t.integer :generic_role_id, :default => 0
5
- t.string :context_role
6
- t.integer :privilege_set_id
7
- t.timestamps
8
- end
9
-
10
- create_table :cbac_generic_roles do |t|
11
- t.string :name
12
- t.text :remarks
13
- t.timestamps
14
- end
15
-
16
- create_table :cbac_memberships do |t|
17
- t.integer :user_id
18
- t.integer :generic_role_id
19
- t.timestamps
20
- end
21
-
22
- create_table :cbac_privilege_set do |t|
23
- t.string :name
24
- t.string :comment
25
- t.timestamps
26
- end
27
-
28
- create_table :cbac_staged_permissions do |t|
29
- t.integer :pristine_role_id
30
- t.string :privilege_set_name
31
- t.integer :line_number
32
- t.string :comment
33
- t.text :operation, :limit => 2
34
- t.timestamps
35
- end
36
-
37
- create_table :cbac_staged_roles do |t|
38
- t.string :role_type
39
- t.string :name
40
- t.integer :role_id
41
- t.timestamps
42
- end
43
-
44
- create_table :cbac_known_permissions do |t|
45
- t.integer :permission_number, :null => :no
46
- t.integer :permission_type, :default => 0
47
- end
48
- end
49
-
50
- def self.down
51
- drop_table :cbac_permissions
52
- drop_table :cbac_generic_roles
53
- drop_table :cbac_memberships
54
- drop_table :cbac_privilege_set
55
- drop_table :cbac_staged_permissions
56
- drop_table :cbac_staged_roles
57
- drop_table :cbac_known_permission
58
- end
59
- end
1
+ class CreateCbacFromScratch < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :cbac_permissions do |t|
4
+ t.integer :generic_role_id, :default => 0
5
+ t.string :context_role
6
+ t.integer :privilege_set_id
7
+ t.timestamps
8
+ end
9
+
10
+ create_table :cbac_generic_roles do |t|
11
+ t.string :name
12
+ t.text :remarks
13
+ t.timestamps
14
+ end
15
+
16
+ create_table :cbac_memberships do |t|
17
+ t.integer :user_id
18
+ t.integer :generic_role_id
19
+ t.timestamps
20
+ end
21
+
22
+ create_table :cbac_privilege_set do |t|
23
+ t.string :name
24
+ t.string :comment
25
+ t.timestamps
26
+ end
27
+
28
+ create_table :cbac_staged_permissions do |t|
29
+ t.integer :pristine_role_id
30
+ t.string :privilege_set_name
31
+ t.integer :line_number
32
+ t.string :comment
33
+ t.text :operation, :limit => 2
34
+ t.timestamps
35
+ end
36
+
37
+ create_table :cbac_staged_roles do |t|
38
+ t.string :role_type
39
+ t.string :name
40
+ t.integer :role_id
41
+ t.timestamps
42
+ end
43
+
44
+ create_table :cbac_known_permissions do |t|
45
+ t.integer :permission_number, :null => :no
46
+ t.integer :permission_type, :default => 0
47
+ end
48
+ end
49
+
50
+ def self.down
51
+ drop_table :cbac_permissions
52
+ drop_table :cbac_generic_roles
53
+ drop_table :cbac_memberships
54
+ drop_table :cbac_privilege_set
55
+ drop_table :cbac_staged_permissions
56
+ drop_table :cbac_staged_roles
57
+ drop_table :cbac_known_permission
58
+ end
59
+ end