cbac 0.6.1 → 0.6.2

Files changed (75) hide show
  1. data/Manifest +70 -74
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -31
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -135
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +5 -5
  17. data/lib/cbac/known_permission.rb +14 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/fixtures/cbac_generic_roles.yml +9 -9
  60. data/test/fixtures/cbac_memberships.yml +8 -8
  61. data/test/fixtures/cbac_permissions.yml +14 -14
  62. data/test/fixtures/cbac_privilege_set.yml +18 -18
  63. data/test/test_cbac_actions.rb +71 -71
  64. data/test/test_cbac_authorize_context_roles.rb +39 -39
  65. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  66. data/test/test_cbac_context_role.rb +50 -50
  67. data/test/test_cbac_privilege.rb +151 -151
  68. data/test/test_cbac_privilege_set.rb +50 -50
  69. data/test/test_helper.rb +28 -28
  70. metadata +14 -15
  71. data/nbproject/private/private.properties +0 -3
  72. data/nbproject/private/private.xml +0 -4
  73. data/nbproject/private/rake-d.txt +0 -0
  74. data/nbproject/project.properties +0 -9
  75. data/nbproject/project.xml +0 -16
@@ -1,59 +1,59 @@
1
- <div class="cbac">
2
- <h1>Generic roles</h1>
3
- <table>
4
- <tr>
5
- <th class="medium">Name</th>
6
- <th class="large">Remarks</th>
7
- <th class="small">&nbsp;</th>
8
- </tr>
9
-
10
- <% Cbac::GenericRole.find(:all).each do |role| %>
11
- <tr class="row">
12
- <% form_for role do |r| %>
13
- <td class="medium"><%= r.text_field :name %></td>
14
- <td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
15
- <td class="small"><%= r.submit "OK" %></td>
16
- <% end %>
17
- </tr>
18
- <% end%>
19
- </table>
20
-
21
- <div class="linebreak"></div>
22
-
23
- <table>
24
- <% form_for(Cbac::GenericRole.new) do |new_role| %>
25
- <tr class="row">
26
- <th colspan="2">New generic role</th>
27
- </tr>
28
- <tr class="row">
29
- <td class="medium">Name</td>
30
- <td class="medium"><%= new_role.text_field :name %></td>
31
- </tr>
32
- <tr class="row">
33
- <td class="medium">Remarks</td>
34
- <td class="large"><%= new_role.text_field :remarks %></td>
35
- </tr>
36
- <tr class="row">
37
- <td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
38
- </tr>
39
- <% end %>
40
- </table>
41
-
42
- <div class="linebreak"></div>
43
-
44
- <table>
45
- <% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
46
- <tr>
47
- <th colspan="2">Delete generic role</th>
48
- </tr>
49
- <tr>
50
- <td class="medium">Select role</td>
51
- <td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
52
- </td>
53
- </tr>
54
- <tr>
55
- <td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
56
- </tr>
57
- <% end %>
58
- </table>
1
+ <div class="cbac">
2
+ <h1>Generic roles</h1>
3
+ <table>
4
+ <tr>
5
+ <th class="medium">Name</th>
6
+ <th class="large">Remarks</th>
7
+ <th class="small">&nbsp;</th>
8
+ </tr>
9
+
10
+ <% Cbac::GenericRole.find(:all).each do |role| %>
11
+ <tr class="row">
12
+ <% form_for role do |r| %>
13
+ <td class="medium"><%= r.text_field :name %></td>
14
+ <td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
15
+ <td class="small"><%= r.submit "OK" %></td>
16
+ <% end %>
17
+ </tr>
18
+ <% end%>
19
+ </table>
20
+
21
+ <div class="linebreak"></div>
22
+
23
+ <table>
24
+ <% form_for(Cbac::GenericRole.new) do |new_role| %>
25
+ <tr class="row">
26
+ <th colspan="2">New generic role</th>
27
+ </tr>
28
+ <tr class="row">
29
+ <td class="medium">Name</td>
30
+ <td class="medium"><%= new_role.text_field :name %></td>
31
+ </tr>
32
+ <tr class="row">
33
+ <td class="medium">Remarks</td>
34
+ <td class="large"><%= new_role.text_field :remarks %></td>
35
+ </tr>
36
+ <tr class="row">
37
+ <td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
38
+ </tr>
39
+ <% end %>
40
+ </table>
41
+
42
+ <div class="linebreak"></div>
43
+
44
+ <table>
45
+ <% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
46
+ <tr>
47
+ <th colspan="2">Delete generic role</th>
48
+ </tr>
49
+ <tr>
50
+ <td class="medium">Select role</td>
51
+ <td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
52
+ </td>
53
+ </tr>
54
+ <tr>
55
+ <td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
56
+ </tr>
57
+ <% end %>
58
+ </table>
59
59
  </div>
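Review bot: The delete form's `select_tag` on new line 51 builds its `<option>` elements by interpolating `role.name` straight into an HTML string, so a role name containing markup either reaches the page unescaped or, where the framework escapes non-safe strings, mangles the options themselves. The name is editable through the text fields earlier in this same view, which makes this a stored-markup path inside the access-control admin screen. Prefer the collection helper, which escapes the labels: `<%= select_tag "id", options_from_collection_for_select(Cbac::GenericRole.find(:all), :id, :name) %>`. The old and new sides of this hunk render identically on this page, so the pattern appears to predate this release rather than being introduced by it.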
@@ -1,18 +1,18 @@
1
- <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
- "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
-
4
- <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
5
- <head>
6
- <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
7
- <title>Context Based Access Control</title>
8
- <%= javascript_include_tag :defaults %>
9
- <%= stylesheet_link_tag "cbac" %>
10
- </head>
11
- <body>
12
- <%= link_to "Permissions", cbac_permissions_path %>
13
- <%= link_to "Generic roles", cbac_generic_roles_path %>
14
- <%= link_to "Memberships", cbac_memberships_path %>
15
- <%= link_to "Upgrade", cbac_upgrade_path %>
16
- <%= yield %>
17
- </body>
18
- </html>
1
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
2
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
3
+
4
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
5
+ <head>
6
+ <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
7
+ <title>Context Based Access Control</title>
8
+ <%= javascript_include_tag :defaults %>
9
+ <%= stylesheet_link_tag "cbac" %>
10
+ </head>
11
+ <body>
12
+ <%= link_to "Permissions", cbac_permissions_path %>
13
+ <%= link_to "Generic roles", cbac_generic_roles_path %>
14
+ <%= link_to "Memberships", cbac_memberships_path %>
15
+ <%= link_to "Upgrade", cbac_upgrade_path %>
16
+ <%= yield %>
17
+ </body>
18
+ </html>
@@ -1,12 +1,12 @@
1
- <% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
2
- <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
- <% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
4
- :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
- :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
- <%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
7
- <%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
8
- <%= check_box_tag "member" + update_name, "1",
9
- (Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
10
- {:onclick => "this.form.onsubmit();", :name => "member"}%>
11
- <% end %>
1
+ <% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
2
+ <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
+ <% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
4
+ :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
+ :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
+ <%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
7
+ <%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
8
+ <%= check_box_tag "member" + update_name, "1",
9
+ (Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
10
+ {:onclick => "this.form.onsubmit();", :name => "member"}%>
11
+ <% end %>
12
12
  <% unless update_partial %></div><% end %>
@@ -1,23 +1,23 @@
1
- <div class="cbac">
2
- <h1>Memberships</h1>
3
- <table>
4
- <tr>
5
- <th class="medium">Users</th>
6
- <% @generic_roles.each do |role| %>
7
- <th><%= role.name %></th>
8
- <% end %>
9
- </tr>
10
- <% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
11
- <tr>
12
- <%- # TODO: documentation must contain something on users having the 'name' method/ field %>
13
- <td><%= u.name %></td>
14
- <% @generic_roles.each do |generic_role| %>
15
- <td class="checked">
16
- <%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
17
- :user_id => u.id.to_s,:update_partial => false} %>
18
- </td>
19
- <% end %>
20
- </tr>
21
- <% end %>
22
- </table>
23
- </div>
1
+ <div class="cbac">
2
+ <h1>Memberships</h1>
3
+ <table>
4
+ <tr>
5
+ <th class="medium">Users</th>
6
+ <% @generic_roles.each do |role| %>
7
+ <th><%= role.name %></th>
8
+ <% end %>
9
+ </tr>
10
+ <% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
11
+ <tr>
12
+ <%- # TODO: documentation must contain something on users having the 'name' method/ field %>
13
+ <td><%= u.name %></td>
14
+ <% @generic_roles.each do |generic_role| %>
15
+ <td class="checked">
16
+ <%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
17
+ :user_id => u.id.to_s,:update_partial => false} %>
18
+ </td>
19
+ <% end %>
20
+ </tr>
21
+ <% end %>
22
+ </table>
23
+ </div>
@@ -1,12 +1,12 @@
1
- <% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
2
- <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
- <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
4
- :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
- :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
- <%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
7
- <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
8
- <%= check_box_tag "permission" + update_name, "1",
9
- (Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
10
- {:onclick => "this.form.onsubmit();", :name => "permission"}%>
11
- <% end %>
1
+ <% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
2
+ <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
+ <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
4
+ :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
+ :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
+ <%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
7
+ <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
8
+ <%= check_box_tag "permission" + update_name, "1",
9
+ (Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
10
+ {:onclick => "this.form.onsubmit();", :name => "permission"}%>
11
+ <% end %>
12
12
  <% unless update_partial %></div><% end %>
@@ -1,12 +1,12 @@
1
- <% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
2
- <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
- <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
4
- :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
- :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
- <%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
7
- <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
8
- <%= check_box_tag "permission" + update_name, "1",
9
- (Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
10
- {:onclick => "this.form.onsubmit();", :name => "permission"}%>
11
- <% end %>
1
+ <% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
2
+ <% unless update_partial %><div id="<%= update_name %>"><% end %>
3
+ <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
4
+ :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
5
+ :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
6
+ <%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
7
+ <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
8
+ <%= check_box_tag "permission" + update_name, "1",
9
+ (Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
10
+ {:onclick => "this.form.onsubmit();", :name => "permission"}%>
11
+ <% end %>
12
12
  <% unless update_partial %></div><% end %>
@@ -1,39 +1,39 @@
1
- <div class="cbac">
2
-
3
- <h2>Subset:</h2>
4
- <form action="<%= request.request_uri %>" method="get" name="subset_view_form">
5
- <b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
6
- <b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
7
- <input type="submit" value="Submit" />
8
- </form>
9
-
10
- <h1>Permissions</h1>
11
- <table>
12
- <tr>
13
- <th>Privilegeset</th>
14
- <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
15
- <th><%= name %></th>
16
- <% end %>
17
- <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
18
- <th><%= role.name %></th>
19
- <% end %>
20
- </tr>
21
- <% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
22
- <tr>
23
- <td><span title ="<%= set.comment %>"><%= set.name %></span></td>
24
- <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
25
- <td class="checked">
26
- <%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
27
- :set_id => set.id.to_s, :update_partial => false} %>
28
- </td>
29
- <% end %>
30
- <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
31
- <td class="checked">
32
- <%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
33
- :set_id => set.id.to_s, :update_partial => false} %>
34
- </td>
35
- <% end %>
36
- </tr>
37
- <% end %>
38
- </table>
39
- </div>
1
+ <div class="cbac">
2
+
3
+ <h2>Subset:</h2>
4
+ <form action="<%= request.request_uri %>" method="get" name="subset_view_form">
5
+ <b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
6
+ <b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
7
+ <input type="submit" value="Submit" />
8
+ </form>
9
+
10
+ <h1>Permissions</h1>
11
+ <table>
12
+ <tr>
13
+ <th>Privilegeset</th>
14
+ <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
15
+ <th><%= name %></th>
16
+ <% end %>
17
+ <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
18
+ <th><%= role.name %></th>
19
+ <% end %>
20
+ </tr>
21
+ <% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
22
+ <tr>
23
+ <td><span title ="<%= set.comment %>"><%= set.name %></span></td>
24
+ <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
25
+ <td class="checked">
26
+ <%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
27
+ :set_id => set.id.to_s, :update_partial => false} %>
28
+ </td>
29
+ <% end %>
30
+ <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
31
+ <td class="checked">
32
+ <%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
33
+ :set_id => set.id.to_s, :update_partial => false} %>
34
+ </td>
35
+ <% end %>
36
+ </tr>
37
+ <% end %>
38
+ </table>
39
+ </div>
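Review bot: New lines 4-6 write `request.request_uri`, `params[:priv_substr]` and `params[:role_substr]` into attribute values with plain `<%= %>`, and whether that output is escaped depends on the Rails version the gem is rendered under, which this hunk does not show. Making the escaping explicit keeps the filter form safe either way, for example `value="<%= h params[:priv_substr] %>"`, with the same treatment for `role_substr` and the form's `action`. The `title ="<%= set.comment %>"` attribute on line 23 and the `<%= name %>` / `<%= role.name %>` header cells on lines 15 and 18 deserve the same explicit `h`, since role names are editable in the admin UI.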
@@ -1,32 +1,32 @@
1
- <div class="cbac">
2
- <h1>Permissions: available upgrades</h1>
3
- <span>Choose which of these available permissions you want to accept or reject.
4
- Each upgrade either adds a new permission or revokes an existing permission.
5
- You can also leave the available upgrade for another time.</span><br/><br/>
6
- <% form_tag cbac_upgrade_update_path do %>
7
- <table>
8
- <tr>
9
- <th class="medium">Add /revoke</th>
10
- <th class="large">Privilegeset</th>
11
- <th class="medium">Roletype</th>
12
- <th class="medium">Role</th>
13
- <th class="small">Accept</th>
14
- <th class="small">Reject</th>
15
- <th class="small">Leave</th>
16
- </tr>
17
- <% @permissions.each_with_index do |permission, index| %>
18
- <tr>
19
- <td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
20
- <td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
21
- <td><span><%=permission.pristine_role.role_type%></span></td>
22
- <td><span><%=permission.pristine_role.name%></span></td>
23
- <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
24
- <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
25
- <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
26
- </tr>
27
- <% end %>
28
- </table>
29
- <input type="button" value="Cancel" onclick="window.location.reload();"/>
30
- <input type="submit" value="OK"/>
31
- <% end %>
1
+ <div class="cbac">
2
+ <h1>Permissions: available upgrades</h1>
3
+ <span>Choose which of these available permissions you want to accept or reject.
4
+ Each upgrade either adds a new permission or revokes an existing permission.
5
+ You can also leave the available upgrade for another time.</span><br/><br/>
6
+ <% form_tag cbac_upgrade_update_path do %>
7
+ <table>
8
+ <tr>
9
+ <th class="medium">Add /revoke</th>
10
+ <th class="large">Privilegeset</th>
11
+ <th class="medium">Roletype</th>
12
+ <th class="medium">Role</th>
13
+ <th class="small">Accept</th>
14
+ <th class="small">Reject</th>
15
+ <th class="small">Leave</th>
16
+ </tr>
17
+ <% @permissions.each_with_index do |permission, index| %>
18
+ <tr>
19
+ <td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
20
+ <td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
21
+ <td><span><%=permission.pristine_role.role_type%></span></td>
22
+ <td><span><%=permission.pristine_role.name%></span></td>
23
+ <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
24
+ <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
25
+ <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
26
+ </tr>
27
+ <% end %>
28
+ </table>
29
+ <input type="button" value="Cancel" onclick="window.location.reload();"/>
30
+ <input type="submit" value="OK"/>
31
+ <% end %>
32
32
  </div>
@@ -0,0 +1,16 @@
1
+ class AddPristineFilesToCbacUpgradePath < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :cbac_pristine_files do |t|
4
+ t.string :type
5
+ t.string :file_name
6
+ t.timestamps
7
+ end
8
+
9
+ add_column :cbac_staged_permissions, :pristine_file_id, :integer
10
+ end
11
+
12
+ def self.down
13
+ drop_table :cbac_pristine_files
14
+ remove_column :cbac_staged_permissions, :pristine_file_id
15
+ end
16
+ end
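Review bot: `pristine_file_id` on new line 9 is added as a bare integer with no index, so looking up staged permissions by their pristine file would scan the whole table; consider adding `add_index :cbac_staged_permissions, :pristine_file_id` to `self.up`. The `type` column on line 4 is ActiveRecord's default single-table-inheritance column. If that is the intent, a one-line comment such as `# STI discriminator column` above it would make that clear, and otherwise a different column name avoids a surprise when records are loaded. Neither `file_name` nor `type` carries a `:null => false` constraint, so a row with no file name can be stored; whether that is acceptable depends on model validations not visible here.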
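--- a/data/privileges.rb
+++ b/data/privileges.rb
@@ -1,50 +1,50 @@
-### Privileges.rb
-#
-# Defines the privilegesets and privileges for the CBAC system
-#
-include Cbac
-
-# Defining privilegesets
-PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
-PrivilegeSet.add :login, "Allows users to log onto the system"
-PrivilegeSet.add :news_item_read, "Allows reading news_item items"
-PrivilegeSet.add :news_item_create, "Allows creating news_item items"
-PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
-PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
-PrivilegeSet.add :news_item_moderator, "Moderator"
-
-# Defining privileges
-Privilege.resource :cbac_administration, "cbac/permissions/index"
-Privilege.resource :cbac_administration, "cbac/permissions/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/index"
-Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
-Privilege.resource :cbac_administration, "cbac/memberships/index"
-Privilege.resource :cbac_administration, "cbac/memberships/update", :post
-Privilege.resource :cbac_administration, "cbac/upgrade/index"
-Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
-Privilege.resource :login, "news_items/login", :POST
-Privilege.resource :news_item_read, "news_items/index"
-Privilege.resource :news_item_read, "news_items/show"
-Privilege.resource :news_item_create, "news_items/new"
-Privilege.resource :news_item_create, "news_items/create", :POST
-Privilege.resource :news_item_create, "news_items/create", :idempotent
-Privilege.resource :news_item_update, "news_items/edit"
-Privilege.resource :news_item_update, "news_items/update", :POST
-
-# Recursive privilegesets
-Privilege.include :news_item_moderator, :news_item_update
-Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
-
-# Models
-# Enforcing mode
-#Privilege.model :blog_read, :blog, :load
-#Privilege.model :blog_create, :blog, :save
-#Privilege.model :blog_update, :blog, :update
-#Privilege.model :blog_update, :blog, :delete
-# model attributes
-#Privilege.model_attribute :blog_update, :blog, :author, :write
-#privilege.model_attribute :blog_update, :blog, :author, :w
-#privilege.model_attribute :blog_update, :blog, :author, :rw
-
+### Privileges.rb
+#
+# Defines the privilegesets and privileges for the CBAC system
+#
+include Cbac
+
+# Defining privilegesets
+PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
+PrivilegeSet.add :login, "Allows users to log onto the system"
+PrivilegeSet.add :news_item_read, "Allows reading news_item items"
+PrivilegeSet.add :news_item_create, "Allows creating news_item items"
+PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
+PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
+PrivilegeSet.add :news_item_moderator, "Moderator"
+
+# Defining privileges
+Privilege.resource :cbac_administration, "cbac/permissions/index"
+Privilege.resource :cbac_administration, "cbac/permissions/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/index"
+Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
+Privilege.resource :cbac_administration, "cbac/memberships/index"
+Privilege.resource :cbac_administration, "cbac/memberships/update", :post
+Privilege.resource :cbac_administration, "cbac/upgrade/index"
+Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
+Privilege.resource :login, "news_items/login", :POST
+Privilege.resource :news_item_read, "news_items/index"
+Privilege.resource :news_item_read, "news_items/show"
+Privilege.resource :news_item_create, "news_items/new"
+Privilege.resource :news_item_create, "news_items/create", :POST
+Privilege.resource :news_item_create, "news_items/create", :idempotent
+Privilege.resource :news_item_update, "news_items/edit"
+Privilege.resource :news_item_update, "news_items/update", :POST
+
+# Recursive privilegesets
+Privilege.include :news_item_moderator, :news_item_update
+Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
+
+# Models
+# Enforcing mode
+#Privilege.model :blog_read, :blog, :load
+#Privilege.model :blog_create, :blog, :save
+#Privilege.model :blog_update, :blog, :update
+#Privilege.model :blog_update, :blog, :delete
+# model attributes
+#Privilege.model_attribute :blog_update, :blog, :author, :write
+#privilege.model_attribute :blog_update, :blog, :author, :w
+#privilege.model_attribute :blog_update, :blog, :author, :rw
+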