cbac 0.6.1 → 0.6.2

data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb

@@ -1,59 +1,59 @@
-<div class="cbac">
-  <h1>Generic roles</h1>
-  <table>
-    <tr>
-      <th class="medium">Name</th>
-      <th class="large">Remarks</th>
-      <th class="small">&nbsp;</th>
-    </tr>
-
-    <% Cbac::GenericRole.find(:all).each do |role| %>
-      <tr class="row">
-        <% form_for role do |r| %>
-          <td class="medium"><%= r.text_field :name %></td>
-          <td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
-          <td class="small"><%= r.submit "OK" %></td>
-        <% end %>
-      </tr>
-    <% end%>
-  </table>
-
-  <div class="linebreak"></div>
-
-  <table>
-    <% form_for(Cbac::GenericRole.new) do |new_role| %>
-      <tr class="row">
-        <th colspan="2">New generic role</th>
-      </tr>
-      <tr class="row">
-        <td class="medium">Name</td>
-        <td class="medium"><%= new_role.text_field :name %></td>
-      </tr>
-      <tr class="row">
-        <td class="medium">Remarks</td>
-        <td class="large"><%= new_role.text_field :remarks %></td>
-      </tr>
-      <tr class="row">
-        <td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
-      </tr>
-    <% end %>
-  </table>
-
-  <div class="linebreak"></div>
-
-  <table>
-    <% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
-      <tr>
-        <th colspan="2">Delete generic role</th>
-      </tr>
-      <tr>
-        <td class="medium">Select role</td>
-        <td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
-        </td>
-      </tr>
-      <tr>
-        <td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
-      </tr>
-    <% end %>
-  </table>
+<div class="cbac">
+  <h1>Generic roles</h1>
+  <table>
+    <tr>
+      <th class="medium">Name</th>
+      <th class="large">Remarks</th>
+      <th class="small">&nbsp;</th>
+    </tr>
+
+    <% Cbac::GenericRole.find(:all).each do |role| %>
+      <tr class="row">
+        <% form_for role do |r| %>
+          <td class="medium"><%= r.text_field :name %></td>
+          <td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
+          <td class="small"><%= r.submit "OK" %></td>
+        <% end %>
+      </tr>
+    <% end%>
+  </table>
+
+  <div class="linebreak"></div>
+
+  <table>
+    <% form_for(Cbac::GenericRole.new) do |new_role| %>
+      <tr class="row">
+        <th colspan="2">New generic role</th>
+      </tr>
+      <tr class="row">
+        <td class="medium">Name</td>
+        <td class="medium"><%= new_role.text_field :name %></td>
+      </tr>
+      <tr class="row">
+        <td class="medium">Remarks</td>
+        <td class="large"><%= new_role.text_field :remarks %></td>
+      </tr>
+      <tr class="row">
+        <td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
+      </tr>
+    <% end %>
+  </table>
+
+  <div class="linebreak"></div>
+
+  <table>
+    <% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
+      <tr>
+        <th colspan="2">Delete generic role</th>
+      </tr>
+      <tr>
+        <td class="medium">Select role</td>
+        <td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
+        </td>
+      </tr>
+      <tr>
+        <td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
+      </tr>
+    <% end %>
+  </table>
 </div>

data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb

@@ -1,18 +1,18 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
-"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
-  <head>
-    <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
-    <title>Context Based Access Control</title>
-    <%= javascript_include_tag :defaults %>
-    <%= stylesheet_link_tag "cbac" %>
-  </head>
-  <body>
-    <%= link_to "Permissions", cbac_permissions_path %>
-    <%= link_to "Generic roles", cbac_generic_roles_path %>
-    <%= link_to "Memberships", cbac_memberships_path %>
-    <%= link_to "Upgrade", cbac_upgrade_path %>
-    <%= yield %>
-  </body>
-</html>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    <meta http-equiv="content-type" content="text/html;charset=UTF-8" />
+    <title>Context Based Access Control</title>
+    <%= javascript_include_tag :defaults %>
+    <%= stylesheet_link_tag "cbac" %>
+  </head>
+  <body>
+    <%= link_to "Permissions", cbac_permissions_path %>
+    <%= link_to "Generic roles", cbac_generic_roles_path %>
+    <%= link_to "Memberships", cbac_memberships_path %>
+    <%= link_to "Upgrade", cbac_upgrade_path %>
+    <%= yield %>
+  </body>
+</html>

data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb

@@ -1,12 +1,12 @@
-<% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
-<% unless update_partial %><div id="<%= update_name %>"><% end %>
-  <% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
-    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
-    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
-    <%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
-    <%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
-    <%= check_box_tag "member" + update_name, "1",
-      (Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
-      {:onclick => "this.form.onsubmit();", :name => "member"}%>
-  <% end %>
+<% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
+<% unless update_partial %><div id="<%= update_name %>"><% end %>
+  <% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
+    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
+    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
+    <%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
+    <%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
+    <%= check_box_tag "member" + update_name, "1",
+      (Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
+      {:onclick => "this.form.onsubmit();", :name => "member"}%>
+  <% end %>
 <% unless update_partial %></div><% end %>

data/lib/generators/cbac/copy_files/views/memberships/index.html.erb

@@ -1,23 +1,23 @@
-<div class="cbac">
-  <h1>Memberships</h1>
-  <table>
-    <tr>
-      <th class="medium">Users</th>
-      <% @generic_roles.each do |role| %>
-        <th><%= role.name %></th>
-      <% end %>
-    </tr>
-    <% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
-      <tr>
-<%- # TODO: documentation must contain something on users having the 'name' method/ field %>
-        <td><%= u.name %></td>
-        <% @generic_roles.each do |generic_role| %>
-          <td class="checked">
-            <%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
-              :user_id => u.id.to_s,:update_partial => false} %>
-          </td>
-        <% end %>
-      </tr>
-    <% end %>
-  </table>
-</div>
+<div class="cbac">
+  <h1>Memberships</h1>
+  <table>
+    <tr>
+      <th class="medium">Users</th>
+      <% @generic_roles.each do |role| %>
+        <th><%= role.name %></th>
+      <% end %>
+    </tr>
+    <% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
+      <tr>
+<%- # TODO: documentation must contain something on users having the 'name' method/ field %>
+        <td><%= u.name %></td>
+        <% @generic_roles.each do |generic_role| %>
+          <td class="checked">
+            <%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
+              :user_id => u.id.to_s,:update_partial => false} %>
+          </td>
+        <% end %>
+      </tr>
+    <% end %>
+  </table>
+</div>

data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb

@@ -1,12 +1,12 @@
-<% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
-<% unless update_partial %><div id="<%= update_name %>"><% end %>
-  <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
-    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
-    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
-    <%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
-    <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
-    <%= check_box_tag "permission" + update_name, "1",
-      (Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
-      {:onclick => "this.form.onsubmit();", :name => "permission"}%>
-  <% end %>
+<% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
+<% unless update_partial %><div id="<%= update_name %>"><% end %>
+  <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
+    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
+    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
+    <%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
+    <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
+    <%= check_box_tag "permission" + update_name, "1",
+      (Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
+      {:onclick => "this.form.onsubmit();", :name => "permission"}%>
+  <% end %>
 <% unless update_partial %></div><% end %>

data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb

@@ -1,12 +1,12 @@
-<% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
-<% unless update_partial %><div id="<%= update_name %>"><% end %>
-  <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
-    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
-    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
-    <%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
-    <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
-    <%= check_box_tag "permission" + update_name, "1",
-      (Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
-      {:onclick => "this.form.onsubmit();", :name => "permission"}%>
-  <% end %>
+<% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
+<% unless update_partial %><div id="<%= update_name %>"><% end %>
+  <% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
+    :update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
+    :complete => "$('#{update_name}').style.visibility = 'visible';" do %>
+    <%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
+    <%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
+    <%= check_box_tag "permission" + update_name, "1",
+      (Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
+      {:onclick => "this.form.onsubmit();", :name => "permission"}%>
+  <% end %>
 <% unless update_partial %></div><% end %>

data/lib/generators/cbac/copy_files/views/permissions/index.html.erb

@@ -1,39 +1,39 @@
-<div class="cbac">
-
-  <h2>Subset:</h2>
-  <form action="<%= request.request_uri %>" method="get" name="subset_view_form">
-    <b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
-    <b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
-    <input type="submit" value="Submit" />
-  </form>
-
-  <h1>Permissions</h1>
-  <table>
-    <tr>
-      <th>Privilegeset</th>
-      <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
-        <th><%= name %></th>
-      <% end %>
-      <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
-        <th><%= role.name %></th>
-      <% end %>
-    </tr>
-    <% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
-      <tr>
-        <td><span title ="<%= set.comment %>"><%= set.name %></span></td>
-        <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
-          <td class="checked">
-            <%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
-              :set_id => set.id.to_s, :update_partial => false} %>
-          </td>
-        <% end %>
-        <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
-          <td class="checked">
-            <%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
-              :set_id => set.id.to_s, :update_partial => false} %>
-          </td>
-        <% end %>
-      </tr>
-    <% end %>
-  </table>
-</div>
+<div class="cbac">
+
+  <h2>Subset:</h2>
+  <form action="<%= request.request_uri %>" method="get" name="subset_view_form">
+    <b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
+    <b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
+    <input type="submit" value="Submit" />
+  </form>
+
+  <h1>Permissions</h1>
+  <table>
+    <tr>
+      <th>Privilegeset</th>
+      <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
+        <th><%= name %></th>
+      <% end %>
+      <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
+        <th><%= role.name %></th>
+      <% end %>
+    </tr>
+    <% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
+      <tr>
+        <td><span title ="<%= set.comment %>"><%= set.name %></span></td>
+        <% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
+          <td class="checked">
+            <%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
+              :set_id => set.id.to_s, :update_partial => false} %>
+          </td>
+        <% end %>
+        <% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
+          <td class="checked">
+            <%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
+              :set_id => set.id.to_s, :update_partial => false} %>
+          </td>
+        <% end %>
+      </tr>
+    <% end %>
+  </table>
+</div>

data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb

@@ -1,32 +1,32 @@
-<div class="cbac">
-  <h1>Permissions: available upgrades</h1>
-  <span>Choose which of these available permissions you want to accept or reject.
-    Each upgrade either adds a new permission or revokes an existing permission.
-    You can also leave the available upgrade for another time.</span><br/><br/>
-  <% form_tag cbac_upgrade_update_path  do %>
-  <table>
-    <tr>
-      <th class="medium">Add /revoke</th>
-      <th class="large">Privilegeset</th>
-      <th class="medium">Roletype</th>
-      <th class="medium">Role</th>
-      <th class="small">Accept</th>
-      <th class="small">Reject</th>
-      <th class="small">Leave</th>
-    </tr>
-    <% @permissions.each_with_index do |permission, index|  %>
-        <tr>
-          <td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
-          <td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
-          <td><span><%=permission.pristine_role.role_type%></span></td>
-          <td><span><%=permission.pristine_role.name%></span></td>
-          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
-          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
-          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
-        </tr>
-     <% end %>
-  </table>
-    <input type="button" value="Cancel" onclick="window.location.reload();"/>
-    <input type="submit" value="OK"/>
-  <% end %>
+<div class="cbac">
+  <h1>Permissions: available upgrades</h1>
+  <span>Choose which of these available permissions you want to accept or reject.
+    Each upgrade either adds a new permission or revokes an existing permission.
+    You can also leave the available upgrade for another time.</span><br/><br/>
+  <% form_tag cbac_upgrade_update_path  do %>
+  <table>
+    <tr>
+      <th class="medium">Add /revoke</th>
+      <th class="large">Privilegeset</th>
+      <th class="medium">Roletype</th>
+      <th class="medium">Role</th>
+      <th class="small">Accept</th>
+      <th class="small">Reject</th>
+      <th class="small">Leave</th>
+    </tr>
+    <% @permissions.each_with_index do |permission, index|  %>
+        <tr>
+          <td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
+          <td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
+          <td><span><%=permission.pristine_role.role_type%></span></td>
+          <td><span><%=permission.pristine_role.name%></span></td>
+          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
+          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
+          <td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
+        </tr>
+     <% end %>
+  </table>
+    <input type="button" value="Cancel" onclick="window.location.reload();"/>
+    <input type="submit" value="OK"/>
+  <% end %>
 </div>

data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb

@@ -0,0 +1,16 @@
+class AddPristineFilesToCbacUpgradePath < ActiveRecord::Migration
+  def self.up
+    create_table :cbac_pristine_files do |t|
+      t.string :type
+      t.string :file_name
+      t.timestamps
+    end
+
+    add_column :cbac_staged_permissions, :pristine_file_id, :integer
+  end
+
+  def self.down
+    drop_table :cbac_pristine_files
+    remove_column :cbac_staged_permissions, :pristine_file_id
+  end
+end

data/privileges.rb

@@ -1,50 +1,50 @@
-### Privileges.rb
-#
-# Defines the privilegesets and privileges for the CBAC system
-#
-include Cbac
-
-# Defining privilegesets
-PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
-PrivilegeSet.add :login, "Allows users to log onto the system"
-PrivilegeSet.add :news_item_read, "Allows reading news_item items"
-PrivilegeSet.add :news_item_create, "Allows creating news_item items"
-PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
-PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
-PrivilegeSet.add :news_item_moderator, "Moderator"
-
-# Defining privileges
-Privilege.resource :cbac_administration, "cbac/permissions/index"
-Privilege.resource :cbac_administration, "cbac/permissions/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/index"
-Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
-Privilege.resource :cbac_administration, "cbac/memberships/index"
-Privilege.resource :cbac_administration, "cbac/memberships/update", :post
-Privilege.resource :cbac_administration, "cbac/upgrade/index"
-Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
-Privilege.resource :login, "news_items/login", :POST
-Privilege.resource :news_item_read, "news_items/index"
-Privilege.resource :news_item_read, "news_items/show"
-Privilege.resource :news_item_create, "news_items/new"
-Privilege.resource :news_item_create, "news_items/create", :POST
-Privilege.resource :news_item_create, "news_items/create", :idempotent
-Privilege.resource :news_item_update, "news_items/edit"
-Privilege.resource :news_item_update, "news_items/update", :POST
-
-# Recursive privilegesets
-Privilege.include :news_item_moderator, :news_item_update
-Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
-
-# Models
-# Enforcing mode
-#Privilege.model :blog_read, :blog, :load
-#Privilege.model :blog_create, :blog, :save
-#Privilege.model :blog_update, :blog, :update
-#Privilege.model :blog_update, :blog, :delete
-# model attributes
-#Privilege.model_attribute :blog_update, :blog, :author, :write
-#privilege.model_attribute :blog_update, :blog, :author, :w
-#privilege.model_attribute :blog_update, :blog, :author, :rw
-
+### Privileges.rb
+#
+# Defines the privilegesets and privileges for the CBAC system
+#
+include Cbac
+
+# Defining privilegesets
+PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
+PrivilegeSet.add :login, "Allows users to log onto the system"
+PrivilegeSet.add :news_item_read, "Allows reading news_item items"
+PrivilegeSet.add :news_item_create, "Allows creating news_item items"
+PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
+PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
+PrivilegeSet.add :news_item_moderator, "Moderator"
+
+# Defining privileges
+Privilege.resource :cbac_administration, "cbac/permissions/index"
+Privilege.resource :cbac_administration, "cbac/permissions/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/index"
+Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
+Privilege.resource :cbac_administration, "cbac/memberships/index"
+Privilege.resource :cbac_administration, "cbac/memberships/update", :post
+Privilege.resource :cbac_administration, "cbac/upgrade/index"
+Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
+Privilege.resource :login, "news_items/login", :POST
+Privilege.resource :news_item_read, "news_items/index"
+Privilege.resource :news_item_read, "news_items/show"
+Privilege.resource :news_item_create, "news_items/new"
+Privilege.resource :news_item_create, "news_items/create", :POST
+Privilege.resource :news_item_create, "news_items/create", :idempotent
+Privilege.resource :news_item_update, "news_items/edit"
+Privilege.resource :news_item_update, "news_items/update", :POST
+
+# Recursive privilegesets
+Privilege.include :news_item_moderator, :news_item_update
+Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
+
+# Models
+# Enforcing mode
+#Privilege.model :blog_read, :blog, :load
+#Privilege.model :blog_create, :blog, :save
+#Privilege.model :blog_update, :blog, :update
+#Privilege.model :blog_update, :blog, :delete
+# model attributes
+#Privilege.model_attribute :blog_update, :blog, :author, :write
+#privilege.model_attribute :blog_update, :blog, :author, :w
+#privilege.model_attribute :blog_update, :blog, :author, :rw
+