cbac 0.6.1 → 0.6.2
- data/Manifest +70 -74
- data/README.rdoc +51 -51
- data/Rakefile +39 -39
- data/cbac.gemspec +30 -31
- data/config/cbac/context_roles.rb +21 -21
- data/config/cbac/privileges.rb +50 -50
- data/context_roles.rb +21 -21
- data/init.rb +3 -3
- data/lib/cbac.rb +132 -132
- data/lib/cbac/cbac_pristine/pristine.rb +138 -135
- data/lib/cbac/cbac_pristine/pristine_file.rb +173 -170
- data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -194
- data/lib/cbac/cbac_pristine/pristine_role.rb +41 -41
- data/lib/cbac/config.rb +9 -9
- data/lib/cbac/context_role.rb +27 -27
- data/lib/cbac/generic_role.rb +5 -5
- data/lib/cbac/known_permission.rb +14 -14
- data/lib/cbac/membership.rb +3 -3
- data/lib/cbac/permission.rb +5 -5
- data/lib/cbac/privilege.rb +117 -117
- data/lib/cbac/privilege_new_api.rb +56 -56
- data/lib/cbac/privilege_set.rb +29 -29
- data/lib/cbac/privilege_set_record.rb +6 -6
- data/lib/cbac/setup.rb +37 -37
- data/lib/generators/cbac/USAGE +33 -33
- data/lib/generators/cbac/cbac_generator.rb +75 -75
- data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
- data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
- data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
- data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
- data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
- data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
- data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
- data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
- data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
- data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
- data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
- data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
- data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -31
- data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
- data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
- data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
- data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
- data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
- data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
- data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
- data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
- data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -0
- data/privileges.rb +50 -50
- data/spec/cbac_pristine_file_spec.rb +329 -329
- data/spec/cbac_pristine_permission_spec.rb +358 -358
- data/spec/cbac_pristine_role_spec.rb +85 -85
- data/spec/rcov.opts +1 -1
- data/spec/spec.opts +4 -4
- data/spec/spec_helper.rb +11 -11
- data/tasks/cbac.rake +345 -345
- data/test/fixtures/cbac_generic_roles.yml +9 -9
- data/test/fixtures/cbac_memberships.yml +8 -8
- data/test/fixtures/cbac_permissions.yml +14 -14
- data/test/fixtures/cbac_privilege_set.yml +18 -18
- data/test/test_cbac_actions.rb +71 -71
- data/test/test_cbac_authorize_context_roles.rb +39 -39
- data/test/test_cbac_authorize_generic_roles.rb +36 -36
- data/test/test_cbac_context_role.rb +50 -50
- data/test/test_cbac_privilege.rb +151 -151
- data/test/test_cbac_privilege_set.rb +50 -50
- data/test/test_helper.rb +28 -28
- metadata +14 -15
- data/nbproject/private/private.properties +0 -3
- data/nbproject/private/private.xml +0 -4
- data/nbproject/private/rake-d.txt +0 -0
- data/nbproject/project.properties +0 -9
- data/nbproject/project.xml +0 -16
@@ -1,59 +1,59 @@
|
|
1
|
-
<div class="cbac">
|
2
|
-
<h1>Generic roles</h1>
|
3
|
-
<table>
|
4
|
-
<tr>
|
5
|
-
<th class="medium">Name</th>
|
6
|
-
<th class="large">Remarks</th>
|
7
|
-
<th class="small"> </th>
|
8
|
-
</tr>
|
9
|
-
|
10
|
-
<% Cbac::GenericRole.find(:all).each do |role| %>
|
11
|
-
<tr class="row">
|
12
|
-
<% form_for role do |r| %>
|
13
|
-
<td class="medium"><%= r.text_field :name %></td>
|
14
|
-
<td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
|
15
|
-
<td class="small"><%= r.submit "OK" %></td>
|
16
|
-
<% end %>
|
17
|
-
</tr>
|
18
|
-
<% end%>
|
19
|
-
</table>
|
20
|
-
|
21
|
-
<div class="linebreak"></div>
|
22
|
-
|
23
|
-
<table>
|
24
|
-
<% form_for(Cbac::GenericRole.new) do |new_role| %>
|
25
|
-
<tr class="row">
|
26
|
-
<th colspan="2">New generic role</th>
|
27
|
-
</tr>
|
28
|
-
<tr class="row">
|
29
|
-
<td class="medium">Name</td>
|
30
|
-
<td class="medium"><%= new_role.text_field :name %></td>
|
31
|
-
</tr>
|
32
|
-
<tr class="row">
|
33
|
-
<td class="medium">Remarks</td>
|
34
|
-
<td class="large"><%= new_role.text_field :remarks %></td>
|
35
|
-
</tr>
|
36
|
-
<tr class="row">
|
37
|
-
<td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
|
38
|
-
</tr>
|
39
|
-
<% end %>
|
40
|
-
</table>
|
41
|
-
|
42
|
-
<div class="linebreak"></div>
|
43
|
-
|
44
|
-
<table>
|
45
|
-
<% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
|
46
|
-
<tr>
|
47
|
-
<th colspan="2">Delete generic role</th>
|
48
|
-
</tr>
|
49
|
-
<tr>
|
50
|
-
<td class="medium">Select role</td>
|
51
|
-
<td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
|
52
|
-
</td>
|
53
|
-
</tr>
|
54
|
-
<tr>
|
55
|
-
<td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
|
56
|
-
</tr>
|
57
|
-
<% end %>
|
58
|
-
</table>
|
1
|
+
<div class="cbac">
|
2
|
+
<h1>Generic roles</h1>
|
3
|
+
<table>
|
4
|
+
<tr>
|
5
|
+
<th class="medium">Name</th>
|
6
|
+
<th class="large">Remarks</th>
|
7
|
+
<th class="small"> </th>
|
8
|
+
</tr>
|
9
|
+
|
10
|
+
<% Cbac::GenericRole.find(:all).each do |role| %>
|
11
|
+
<tr class="row">
|
12
|
+
<% form_for role do |r| %>
|
13
|
+
<td class="medium"><%= r.text_field :name %></td>
|
14
|
+
<td class="large"><%= r.text_field :remarks, :rows => 1 %></td>
|
15
|
+
<td class="small"><%= r.submit "OK" %></td>
|
16
|
+
<% end %>
|
17
|
+
</tr>
|
18
|
+
<% end%>
|
19
|
+
</table>
|
20
|
+
|
21
|
+
<div class="linebreak"></div>
|
22
|
+
|
23
|
+
<table>
|
24
|
+
<% form_for(Cbac::GenericRole.new) do |new_role| %>
|
25
|
+
<tr class="row">
|
26
|
+
<th colspan="2">New generic role</th>
|
27
|
+
</tr>
|
28
|
+
<tr class="row">
|
29
|
+
<td class="medium">Name</td>
|
30
|
+
<td class="medium"><%= new_role.text_field :name %></td>
|
31
|
+
</tr>
|
32
|
+
<tr class="row">
|
33
|
+
<td class="medium">Remarks</td>
|
34
|
+
<td class="large"><%= new_role.text_field :remarks %></td>
|
35
|
+
</tr>
|
36
|
+
<tr class="row">
|
37
|
+
<td colspan="2" class="submit"><%= new_role.submit "Create" %></td>
|
38
|
+
</tr>
|
39
|
+
<% end %>
|
40
|
+
</table>
|
41
|
+
|
42
|
+
<div class="linebreak"></div>
|
43
|
+
|
44
|
+
<table>
|
45
|
+
<% form_tag(:controller => "cbac/generic_roles", :action => "delete") do |f| %>
|
46
|
+
<tr>
|
47
|
+
<th colspan="2">Delete generic role</th>
|
48
|
+
</tr>
|
49
|
+
<tr>
|
50
|
+
<td class="medium">Select role</td>
|
51
|
+
<td class="medium"><%= select_tag "id", Cbac::GenericRole.find(:all).collect{|role|"<option value='#{role.id}'>#{role.name}</option>"} %>
|
52
|
+
</td>
|
53
|
+
</tr>
|
54
|
+
<tr>
|
55
|
+
<td colspan="2" class="submit"><%= submit_tag "Delete" %></td>
|
56
|
+
</tr>
|
57
|
+
<% end %>
|
58
|
+
</table>
|
59
59
|
</div>
|
@@ -1,18 +1,18 @@
|
|
1
|
-
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
2
|
-
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
|
-
|
4
|
-
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
5
|
-
<head>
|
6
|
-
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
|
7
|
-
<title>Context Based Access Control</title>
|
8
|
-
<%= javascript_include_tag :defaults %>
|
9
|
-
<%= stylesheet_link_tag "cbac" %>
|
10
|
-
</head>
|
11
|
-
<body>
|
12
|
-
<%= link_to "Permissions", cbac_permissions_path %>
|
13
|
-
<%= link_to "Generic roles", cbac_generic_roles_path %>
|
14
|
-
<%= link_to "Memberships", cbac_memberships_path %>
|
15
|
-
<%= link_to "Upgrade", cbac_upgrade_path %>
|
16
|
-
<%= yield %>
|
17
|
-
</body>
|
18
|
-
</html>
|
1
|
+
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
|
2
|
+
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
|
+
|
4
|
+
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
5
|
+
<head>
|
6
|
+
<meta http-equiv="content-type" content="text/html;charset=UTF-8" />
|
7
|
+
<title>Context Based Access Control</title>
|
8
|
+
<%= javascript_include_tag :defaults %>
|
9
|
+
<%= stylesheet_link_tag "cbac" %>
|
10
|
+
</head>
|
11
|
+
<body>
|
12
|
+
<%= link_to "Permissions", cbac_permissions_path %>
|
13
|
+
<%= link_to "Generic roles", cbac_generic_roles_path %>
|
14
|
+
<%= link_to "Memberships", cbac_memberships_path %>
|
15
|
+
<%= link_to "Upgrade", cbac_upgrade_path %>
|
16
|
+
<%= yield %>
|
17
|
+
</body>
|
18
|
+
</html>
|
@@ -1,12 +1,12 @@
|
|
1
|
-
<% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
|
2
|
-
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
-
<% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
|
4
|
-
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
-
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
-
<%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
|
7
|
-
<%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
|
8
|
-
<%= check_box_tag "member" + update_name, "1",
|
9
|
-
(Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
|
10
|
-
{:onclick => "this.form.onsubmit();", :name => "member"}%>
|
11
|
-
<% end %>
|
1
|
+
<% update_name = generic_role.id.to_s + "__" + user_id.to_s %>
|
2
|
+
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
+
<% form_for "/cbac/memberships/update", :remote => true, :url => {:controller => "cbac/memberships", :action => "update"},
|
4
|
+
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
+
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
+
<%= hidden_field_tag "generic_role_id" + update_name, generic_role.id.to_s, :name => "generic_role_id" %>
|
7
|
+
<%= hidden_field_tag "user_id" + update_name, user_id.to_s, :name => "user_id" %>
|
8
|
+
<%= check_box_tag "member" + update_name, "1",
|
9
|
+
(Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", generic_role.id.to_s, user_id.to_s]).length > 0),
|
10
|
+
{:onclick => "this.form.onsubmit();", :name => "member"}%>
|
11
|
+
<% end %>
|
12
12
|
<% unless update_partial %></div><% end %>
|
@@ -1,23 +1,23 @@
|
|
1
|
-
<div class="cbac">
|
2
|
-
<h1>Memberships</h1>
|
3
|
-
<table>
|
4
|
-
<tr>
|
5
|
-
<th class="medium">Users</th>
|
6
|
-
<% @generic_roles.each do |role| %>
|
7
|
-
<th><%= role.name %></th>
|
8
|
-
<% end %>
|
9
|
-
</tr>
|
10
|
-
<% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
|
11
|
-
<tr>
|
12
|
-
<%- # TODO: documentation must contain something on users having the 'name' method/ field %>
|
13
|
-
<td><%= u.name %></td>
|
14
|
-
<% @generic_roles.each do |generic_role| %>
|
15
|
-
<td class="checked">
|
16
|
-
<%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
|
17
|
-
:user_id => u.id.to_s,:update_partial => false} %>
|
18
|
-
</td>
|
19
|
-
<% end %>
|
20
|
-
</tr>
|
21
|
-
<% end %>
|
22
|
-
</table>
|
23
|
-
</div>
|
1
|
+
<div class="cbac">
|
2
|
+
<h1>Memberships</h1>
|
3
|
+
<table>
|
4
|
+
<tr>
|
5
|
+
<th class="medium">Users</th>
|
6
|
+
<% @generic_roles.each do |role| %>
|
7
|
+
<th><%= role.name %></th>
|
8
|
+
<% end %>
|
9
|
+
</tr>
|
10
|
+
<% (@users.sort do |x,y| x.name.downcase <=> y.name.downcase end).each do |u| %>
|
11
|
+
<tr>
|
12
|
+
<%- # TODO: documentation must contain something on users having the 'name' method/ field %>
|
13
|
+
<td><%= u.name %></td>
|
14
|
+
<% @generic_roles.each do |generic_role| %>
|
15
|
+
<td class="checked">
|
16
|
+
<%= render :partial => "cbac/memberships/update.html", :locals => {:generic_role => generic_role,
|
17
|
+
:user_id => u.id.to_s,:update_partial => false} %>
|
18
|
+
</td>
|
19
|
+
<% end %>
|
20
|
+
</tr>
|
21
|
+
<% end %>
|
22
|
+
</table>
|
23
|
+
</div>
|
@@ -1,12 +1,12 @@
|
|
1
|
-
<% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
|
2
|
-
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
-
<% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
|
4
|
-
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
-
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
-
<%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
|
7
|
-
<%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
|
8
|
-
<%= check_box_tag "permission" + update_name, "1",
|
9
|
-
(Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
|
10
|
-
{:onclick => "this.form.onsubmit();", :name => "permission"}%>
|
11
|
-
<% end %>
|
1
|
+
<% update_name = "cr__" + context_role.to_s + "__" + set_id.to_s %>
|
2
|
+
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
+
<% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
|
4
|
+
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
+
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
+
<%= hidden_field_tag "context_role" + update_name, context_role.to_s, :name => "context_role" %>
|
7
|
+
<%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
|
8
|
+
<%= check_box_tag "permission" + update_name, "1",
|
9
|
+
(Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", context_role.to_s, set_id.to_s]).length > 0),
|
10
|
+
{:onclick => "this.form.onsubmit();", :name => "permission"}%>
|
11
|
+
<% end %>
|
12
12
|
<% unless update_partial %></div><% end %>
|
@@ -1,12 +1,12 @@
|
|
1
|
-
<% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
|
2
|
-
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
-
<% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
|
4
|
-
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
-
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
-
<%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
|
7
|
-
<%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
|
8
|
-
<%= check_box_tag "permission" + update_name, "1",
|
9
|
-
(Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
|
10
|
-
{:onclick => "this.form.onsubmit();", :name => "permission"}%>
|
11
|
-
<% end %>
|
1
|
+
<% update_name = "gr__" + role.id.to_s + "__" + set_id.to_s %>
|
2
|
+
<% unless update_partial %><div id="<%= update_name %>"><% end %>
|
3
|
+
<% form_for "/cbac/permissions/update", :remote => true, :url => cbac_permissions_update_path,
|
4
|
+
:update => update_name, :before => "$('#{update_name}').style.visibility = 'hidden';",
|
5
|
+
:complete => "$('#{update_name}').style.visibility = 'visible';" do %>
|
6
|
+
<%= hidden_field_tag "generic_role_id" + update_name, role.id.to_s, :name => "generic_role_id" %>
|
7
|
+
<%= hidden_field_tag "privilege_set_id" + update_name, set_id.to_s, :name => "privilege_set_id" %>
|
8
|
+
<%= check_box_tag "permission" + update_name, "1",
|
9
|
+
(Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", role.id.to_s, set_id.to_s]).length > 0),
|
10
|
+
{:onclick => "this.form.onsubmit();", :name => "permission"}%>
|
11
|
+
<% end %>
|
12
12
|
<% unless update_partial %></div><% end %>
|
@@ -1,39 +1,39 @@
|
|
1
|
-
<div class="cbac">
|
2
|
-
|
3
|
-
<h2>Subset:</h2>
|
4
|
-
<form action="<%= request.request_uri %>" method="get" name="subset_view_form">
|
5
|
-
<b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
|
6
|
-
<b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
|
7
|
-
<input type="submit" value="Submit" />
|
8
|
-
</form>
|
9
|
-
|
10
|
-
<h1>Permissions</h1>
|
11
|
-
<table>
|
12
|
-
<tr>
|
13
|
-
<th>Privilegeset</th>
|
14
|
-
<% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
|
15
|
-
<th><%= name %></th>
|
16
|
-
<% end %>
|
17
|
-
<% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
|
18
|
-
<th><%= role.name %></th>
|
19
|
-
<% end %>
|
20
|
-
</tr>
|
21
|
-
<% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
|
22
|
-
<tr>
|
23
|
-
<td><span title ="<%= set.comment %>"><%= set.name %></span></td>
|
24
|
-
<% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
|
25
|
-
<td class="checked">
|
26
|
-
<%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
|
27
|
-
:set_id => set.id.to_s, :update_partial => false} %>
|
28
|
-
</td>
|
29
|
-
<% end %>
|
30
|
-
<% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
|
31
|
-
<td class="checked">
|
32
|
-
<%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
|
33
|
-
:set_id => set.id.to_s, :update_partial => false} %>
|
34
|
-
</td>
|
35
|
-
<% end %>
|
36
|
-
</tr>
|
37
|
-
<% end %>
|
38
|
-
</table>
|
39
|
-
</div>
|
1
|
+
<div class="cbac">
|
2
|
+
|
3
|
+
<h2>Subset:</h2>
|
4
|
+
<form action="<%= request.request_uri %>" method="get" name="subset_view_form">
|
5
|
+
<b>Privilege set</b> starts with: <input type="text" name="priv_substr" value="<%= params[:priv_substr] %>" /><br />
|
6
|
+
<b>Role</b> starts with: <input type="text" name="role_substr" value="<%= params[:role_substr] %>" /><br/>
|
7
|
+
<input type="submit" value="Submit" />
|
8
|
+
</form>
|
9
|
+
|
10
|
+
<h1>Permissions</h1>
|
11
|
+
<table>
|
12
|
+
<tr>
|
13
|
+
<th>Privilegeset</th>
|
14
|
+
<% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |name, comment| %>
|
15
|
+
<th><%= name %></th>
|
16
|
+
<% end %>
|
17
|
+
<% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
|
18
|
+
<th><%= role.name %></th>
|
19
|
+
<% end %>
|
20
|
+
</tr>
|
21
|
+
<% (@sets.sort do |x,y| x[0].to_s <=> y[0].to_s end).each do |token, set| %>
|
22
|
+
<tr>
|
23
|
+
<td><span title ="<%= set.comment %>"><%= set.name %></span></td>
|
24
|
+
<% (@context_roles.sort { |x, y| x[0].to_s <=> y[0].to_s }).each do |context_role, comment| %>
|
25
|
+
<td class="checked">
|
26
|
+
<%= render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => context_role.to_s,
|
27
|
+
:set_id => set.id.to_s, :update_partial => false} %>
|
28
|
+
</td>
|
29
|
+
<% end %>
|
30
|
+
<% (@generic_roles.sort { |x, y| x.name <=> y.name }).each do |role| %>
|
31
|
+
<td class="checked">
|
32
|
+
<%= render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role => role,
|
33
|
+
:set_id => set.id.to_s, :update_partial => false} %>
|
34
|
+
</td>
|
35
|
+
<% end %>
|
36
|
+
</tr>
|
37
|
+
<% end %>
|
38
|
+
</table>
|
39
|
+
</div>
|
@@ -1,32 +1,32 @@
|
|
1
|
-
<div class="cbac">
|
2
|
-
<h1>Permissions: available upgrades</h1>
|
3
|
-
<span>Choose which of these available permissions you want to accept or reject.
|
4
|
-
Each upgrade either adds a new permission or revokes an existing permission.
|
5
|
-
You can also leave the available upgrade for another time.</span><br/><br/>
|
6
|
-
<% form_tag cbac_upgrade_update_path do %>
|
7
|
-
<table>
|
8
|
-
<tr>
|
9
|
-
<th class="medium">Add /revoke</th>
|
10
|
-
<th class="large">Privilegeset</th>
|
11
|
-
<th class="medium">Roletype</th>
|
12
|
-
<th class="medium">Role</th>
|
13
|
-
<th class="small">Accept</th>
|
14
|
-
<th class="small">Reject</th>
|
15
|
-
<th class="small">Leave</th>
|
16
|
-
</tr>
|
17
|
-
<% @permissions.each_with_index do |permission, index| %>
|
18
|
-
<tr>
|
19
|
-
<td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
|
20
|
-
<td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
|
21
|
-
<td><span><%=permission.pristine_role.role_type%></span></td>
|
22
|
-
<td><span><%=permission.pristine_role.name%></span></td>
|
23
|
-
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
|
24
|
-
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
|
25
|
-
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
|
26
|
-
</tr>
|
27
|
-
<% end %>
|
28
|
-
</table>
|
29
|
-
<input type="button" value="Cancel" onclick="window.location.reload();"/>
|
30
|
-
<input type="submit" value="OK"/>
|
31
|
-
<% end %>
|
1
|
+
<div class="cbac">
|
2
|
+
<h1>Permissions: available upgrades</h1>
|
3
|
+
<span>Choose which of these available permissions you want to accept or reject.
|
4
|
+
Each upgrade either adds a new permission or revokes an existing permission.
|
5
|
+
You can also leave the available upgrade for another time.</span><br/><br/>
|
6
|
+
<% form_tag cbac_upgrade_update_path do %>
|
7
|
+
<table>
|
8
|
+
<tr>
|
9
|
+
<th class="medium">Add /revoke</th>
|
10
|
+
<th class="large">Privilegeset</th>
|
11
|
+
<th class="medium">Roletype</th>
|
12
|
+
<th class="medium">Role</th>
|
13
|
+
<th class="small">Accept</th>
|
14
|
+
<th class="small">Reject</th>
|
15
|
+
<th class="small">Leave</th>
|
16
|
+
</tr>
|
17
|
+
<% @permissions.each_with_index do |permission, index| %>
|
18
|
+
<tr>
|
19
|
+
<td><span><%=permission.operation_string.capitalize%></span><input type="hidden" name="permissions[<%=index.to_s%>][id]" value="<%=permission.id.to_s%>"/></td>
|
20
|
+
<td><span title='<%=permission.privilege_set.comment%>'><%=permission.privilege_set_name%></span></td>
|
21
|
+
<td><span><%=permission.pristine_role.role_type%></span></td>
|
22
|
+
<td><span><%=permission.pristine_role.name%></span></td>
|
23
|
+
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="accept"/></td>
|
24
|
+
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="reject"/></td>
|
25
|
+
<td><input type="radio" name="permissions[<%=index.to_s%>][action]" value="leave" checked="checked"/></td>
|
26
|
+
</tr>
|
27
|
+
<% end %>
|
28
|
+
</table>
|
29
|
+
<input type="button" value="Cancel" onclick="window.location.reload();"/>
|
30
|
+
<input type="submit" value="OK"/>
|
31
|
+
<% end %>
|
32
32
|
</div>
|
@@ -0,0 +1,16 @@
|
|
1
|
+
class AddPristineFilesToCbacUpgradePath < ActiveRecord::Migration
|
2
|
+
def self.up
|
3
|
+
create_table :cbac_pristine_files do |t|
|
4
|
+
t.string :type
|
5
|
+
t.string :file_name
|
6
|
+
t.timestamps
|
7
|
+
end
|
8
|
+
|
9
|
+
add_column :cbac_staged_permissions, :pristine_file_id, :integer
|
10
|
+
end
|
11
|
+
|
12
|
+
def self.down
|
13
|
+
drop_table :cbac_pristine_files
|
14
|
+
remove_column :cbac_staged_permissions, :pristine_file_id
|
15
|
+
end
|
16
|
+
end
|
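Review bot: `add_column :cbac_staged_permissions, :pristine_file_id, :integer` in `self.up` adds a reference to the new `cbac_pristine_files` table without an index or any integrity constraint. Staged permissions feed the permission-upgrade screen, so a row whose pristine file has been deleted would still be offered for accept/reject with nothing tying it back to its source; I would add `add_index :cbac_staged_permissions, :pristine_file_id` after the `add_column` and decide explicitly what happens to staged rows when a pristine file goes away. `t.string :type` uses the column name ActiveRecord reserves for single-table inheritance; if that is the intent (the model is not visible here), a comment such as `# STI discriminator for the pristine file subclasses` above it would make that clear, otherwise the column should be renamed.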
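--- a/data/privileges.rb
+++ b/data/privileges.rb
@@ -1,50 +1,50 @@
-### Privileges.rb
-#
-# Defines the privilegesets and privileges for the CBAC system
-#
-include Cbac
-
-# Defining privilegesets
-PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
-PrivilegeSet.add :login, "Allows users to log onto the system"
-PrivilegeSet.add :news_item_read, "Allows reading news_item items"
-PrivilegeSet.add :news_item_create, "Allows creating news_item items"
-PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
-PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
-PrivilegeSet.add :news_item_moderator, "Moderator"
-
-# Defining privileges
-Privilege.resource :cbac_administration, "cbac/permissions/index"
-Privilege.resource :cbac_administration, "cbac/permissions/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/index"
-Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
-Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
-Privilege.resource :cbac_administration, "cbac/memberships/index"
-Privilege.resource :cbac_administration, "cbac/memberships/update", :post
-Privilege.resource :cbac_administration, "cbac/upgrade/index"
-Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
-Privilege.resource :login, "news_items/login", :POST
-Privilege.resource :news_item_read, "news_items/index"
-Privilege.resource :news_item_read, "news_items/show"
-Privilege.resource :news_item_create, "news_items/new"
-Privilege.resource :news_item_create, "news_items/create", :POST
-Privilege.resource :news_item_create, "news_items/create", :idempotent
-Privilege.resource :news_item_update, "news_items/edit"
-Privilege.resource :news_item_update, "news_items/update", :POST
-
-# Recursive privilegesets
-Privilege.include :news_item_moderator, :news_item_update
-Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
-
-# Models
-# Enforcing mode
-#Privilege.model :blog_read, :blog, :load
-#Privilege.model :blog_create, :blog, :save
-#Privilege.model :blog_update, :blog, :update
-#Privilege.model :blog_update, :blog, :delete
-# model attributes
-#Privilege.model_attribute :blog_update, :blog, :author, :write
-#privilege.model_attribute :blog_update, :blog, :author, :w
-#privilege.model_attribute :blog_update, :blog, :author, :rw
-
+### Privileges.rb
+#
+# Defines the privilegesets and privileges for the CBAC system
+#
+include Cbac
+
+# Defining privilegesets
+PrivilegeSet.add :cbac_administration, "Allows administration of CBAC modules"
+PrivilegeSet.add :login, "Allows users to log onto the system"
+PrivilegeSet.add :news_item_read, "Allows reading news_item items"
+PrivilegeSet.add :news_item_create, "Allows creating news_item items"
+PrivilegeSet.add :news_item_update, "Allows changing existing news_item items"
+PrivilegeSet.add :news_item_administrator, "Allows administration of news items"
+PrivilegeSet.add :news_item_moderator, "Moderator"
+
+# Defining privileges
+Privilege.resource :cbac_administration, "cbac/permissions/index"
+Privilege.resource :cbac_administration, "cbac/permissions/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/index"
+Privilege.resource :cbac_administration, "cbac/generic_roles/update", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/create", :post
+Privilege.resource :cbac_administration, "cbac/generic_roles/delete", :post
+Privilege.resource :cbac_administration, "cbac/memberships/index"
+Privilege.resource :cbac_administration, "cbac/memberships/update", :post
+Privilege.resource :cbac_administration, "cbac/upgrade/index"
+Privilege.resource :cbac_administration, "cbac/upgrade/process_changes", :post
+Privilege.resource :login, "news_items/login", :POST
+Privilege.resource :news_item_read, "news_items/index"
+Privilege.resource :news_item_read, "news_items/show"
+Privilege.resource :news_item_create, "news_items/new"
+Privilege.resource :news_item_create, "news_items/create", :POST
+Privilege.resource :news_item_create, "news_items/create", :idempotent
+Privilege.resource :news_item_update, "news_items/edit"
+Privilege.resource :news_item_update, "news_items/update", :POST
+
+# Recursive privilegesets
+Privilege.include :news_item_moderator, :news_item_update
+Privilege.include :news_item_administrator, [:news_item_read, :news_item_create, :news_item_update]
+
+# Models
+# Enforcing mode
+#Privilege.model :blog_read, :blog, :load
+#Privilege.model :blog_create, :blog, :save
+#Privilege.model :blog_update, :blog, :update
+#Privilege.model :blog_update, :blog, :delete
+# model attributes
+#Privilege.model_attribute :blog_update, :blog, :author, :write
+#privilege.model_attribute :blog_update, :blog, :author, :w
+#privilege.model_attribute :blog_update, :blog, :author, :rw
+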