cbac 0.6.2 → 0.6.3

data/lib/cbac/cbac_pristine/pristine_role.rb

@@ -1,42 +1,43 @@
-require 'active_record'
-module Cbac
-  module CbacPristine
-    class PristineRole < ActiveRecord::Base
-      set_table_name "cbac_staged_roles"
-
-      def self.ROLE_TYPES
-        {:context => "context", :generic => "generic", :admin => "administrator"}
-      end
-
-     
-      #convert this cbac role to a yml statement which can be used to create a yml fixtures file
-      #executing this statement will result in one cbac_generic_role in the DB
-      def to_yml_fixture(fixture_id = nil)
-        fixture_id = role_id if fixture_id.nil?
-
-        return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
-        raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
-
-        yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
-        yml << "  id: " << fixture_id.to_s << "\n"
-        yml << "  name: " << name << "\n"
-        yml << "  created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
-        yml << "  updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
-        yml << "\n"
-      end
-
-      def known_permission_type
-        # NOTE: known permissions use different type definitions than pristine roles.
-        # They only use the file type to determine if it is a generic or context role.
-        # Context roles include the admin role (same file) while pristine roles use a different type
-        role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
-      end
-
-      def self.admin_role(use_db = true)
-        admin_role =  use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
-
-        admin_role.nil?  ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
-      end
-    end
-  end
-end
+require 'active_record'
+module Cbac
+  module CbacPristine
+    class PristineRole < ActiveRecord::Base
+      set_table_name "cbac_staged_roles"
+      attr_readonly :role_type, :role_id, :name
+
+      def self.ROLE_TYPES
+        {:context => "context", :generic => "generic", :admin => "administrator"}
+      end
+
+     
+      #convert this cbac role to a yml statement which can be used to create a yml fixtures file
+      #executing this statement will result in one cbac_generic_role in the DB
+      def to_yml_fixture(fixture_id = nil)
+        fixture_id = role_id if fixture_id.nil?
+
+        return '' if role_type == Cbac::CbacPristine::PristineRole.ROLE_TYPES[:context]
+        raise ArgumentError, "cannot convert role #{id.to_s} to yml, because it has no name" if name.blank?
+
+        yml = "cbac_generic_role_00" << fixture_id.to_s << ":\n"
+        yml << "  id: " << fixture_id.to_s << "\n"
+        yml << "  name: " << name << "\n"
+        yml << "  created_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
+        yml << "  updated_at: " << Time.now.strftime("%Y-%m-%d %H:%M:%S") << "\n"
+        yml << "\n"
+      end
+
+      def known_permission_type
+        # NOTE: known permissions use different type definitions than pristine roles.
+        # They only use the file type to determine if it is a generic or context role.
+        # Context roles include the admin role (same file) while pristine roles use a different type
+        role_type == PristineRole.ROLE_TYPES[:generic] ? Cbac::KnownPermission.PERMISSION_TYPES[:generic] : Cbac::KnownPermission.PERMISSION_TYPES[:context]
+      end
+
+      def self.admin_role(use_db = true)
+        admin_role =  use_db ? PristineRole.first(:conditions => {:role_type => PristineRole.ROLE_TYPES[:admin]}) : nil
+
+        admin_role.nil?  ? PristineRole.new(:role_id => 1, :role_type => PristineRole.ROLE_TYPES[:admin], :name => "administrator") : admin_role
+      end
+    end
+  end
+end

data/lib/cbac/config.rb

@@ -1,10 +1,10 @@
-module Cbac
-  # Class containing configuration options for the Cbac system. The following
-  # configuration options are supported: verbose. Determines whether or not to
-  # output results to the console. All outputs are processed as puts commands.
-  class Config
-    class << self
-      attr_accessor :verbose
-    end
-  end
+module Cbac
+  # Class containing configuration options for the Cbac system. The following
+  # configuration options are supported: verbose. Determines whether or not to
+  # output results to the console. All outputs are processed as puts commands.
+  class Config
+    class << self
+      attr_accessor :verbose
+    end
+  end
 end

data/lib/cbac/context_role.rb

@@ -1,27 +1,27 @@
-# ContextRole is the class containing the context role definitions
-#
-# Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
-class ContextRole
-  class << self
-    # Hash containing all the context roles. Keys are the role names Values are
-    # the Ruby eval strings Eval strings must result in true or false
-    attr_reader :roles
-
-    # Adds a context role to the list of context roles. @symbol defines the name
-    # of the context role @context_rule defines the ruby code to be evaluated
-    # when determining role membership
-    #
-    # If the context role already exists, an exception is thrown.
-    def add(symbol, context_rule = "", &block)
-      symbol = symbol.to_sym
-      @roles = Hash.new if @roles.nil?
-      raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
-      # TODO following code
-      #raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
-      # TODO context parameter in block statement is not explicitly tested
-      block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
-      @roles[symbol] = block
-    end
-  end
-end
-
+# ContextRole is the class containing the context role definitions
+#
+# Usage: ContextRole.add :logged_in_user, "!session[:currentuser].nil?"
+class ContextRole
+  class << self
+    # Hash containing all the context roles. Keys are the role names Values are
+    # the Ruby eval strings Eval strings must result in true or false
+    attr_reader :roles
+
+    # Adds a context role to the list of context roles. @symbol defines the name
+    # of the context role @context_rule defines the ruby code to be evaluated
+    # when determining role membership
+    #
+    # If the context role already exists, an exception is thrown.
+    def add(symbol, context_rule = "", &block)
+      symbol = symbol.to_sym
+      @roles = Hash.new if @roles.nil?
+      raise ArgumentError, "CBAC: ContextRole was already defined:" + symbol.to_s if @roles.keys.include?(symbol)
+      # TODO following code
+      #raise ArgumentError, "CBAC: cannot specify both string rule and block rule" unless context_rule.nil? and block.nil?
+      # TODO context parameter in block statement is not explicitly tested
+      block = eval("Proc.new {|context| " + context_rule + "}") if block.nil?
+      @roles[symbol] = block
+    end
+  end
+end
+

data/lib/cbac/generic_role.rb

@@ -1,6 +1,7 @@
-class Cbac::GenericRole < ActiveRecord::Base
-  set_table_name "cbac_generic_roles"
-
-  has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
-  has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
-end
+class Cbac::GenericRole < ActiveRecord::Base
+  set_table_name "cbac_generic_roles"
+  attr_accessible :remarks, :name
+
+  has_many :generic_role_members, :class_name => "Cbac::Membership", :foreign_key => "generic_role_id"
+  has_many :permissions, :class_name => "Cbac::Permission", :foreign_key => "generic_role_id"
+end

data/lib/cbac/known_permission.rb

@@ -1,14 +1,15 @@
-class Cbac::KnownPermission < ActiveRecord::Base
-  set_table_name "cbac_known_permissions"
-
-  cattr_accessor :PERMISSION_TYPES
-  @@PERMISSION_TYPES = {:context => 0, :generic => 1}
-
-  def self.find_context_permissions(conditions = {})
-    all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
-  end
-
-  def self.find_generic_permissions(conditions = {})
-    all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
-  end
-end
+class Cbac::KnownPermission < ActiveRecord::Base
+  set_table_name "cbac_known_permissions"
+  attr_readonly :permission_type, :permission_number
+
+  cattr_accessor :PERMISSION_TYPES
+  @@PERMISSION_TYPES = {:context => 0, :generic => 1}
+
+  def self.find_context_permissions(conditions = {})
+    all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:context]))
+  end
+
+  def self.find_generic_permissions(conditions = {})
+    all(:conditions => conditions.merge(:permission_type => @@PERMISSION_TYPES[:generic]))
+  end
+end

data/lib/cbac/membership.rb

@@ -1,4 +1,4 @@
-class Cbac::Membership < ActiveRecord::Base
-  set_table_name "cbac_memberships"
-  belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
+class Cbac::Membership < ActiveRecord::Base
+  set_table_name "cbac_memberships"
+  belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
 end

data/lib/cbac/permission.rb

@@ -1,6 +1,6 @@
-class Cbac::Permission < ActiveRecord::Base
-  set_table_name "cbac_permissions"
-
-  belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
-  belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
+class Cbac::Permission < ActiveRecord::Base
+  set_table_name "cbac_permissions"
+
+  belongs_to :generic_role, :class_name => "Cbac::GenericRole", :foreign_key => "generic_role_id"
+  belongs_to :privilege_set, :class_name => "Cbac::PrivilegeSetRecord", :foreign_key => "privilege_set_id"
 end

data/lib/cbac/privilege.rb

@@ -1,117 +1,117 @@
-# Class containing all the privileges
-#
-# To define a new controller method resource: Privilege.resource :privilegeset,
-# "controller/method"
-#
-class Privilege
-  class << self
-    attr_reader :get_resources, :post_resources, :model_attributes, :models
-
-    # The includes hash contains references to inheritence. The key points to the
-    # base class, the value is an array of children.
-    #
-    # Example:
-    # If Child inherits from Parent, then the structure would be:
-    # includes[:Parent] = [:Child]
-    attr_reader :includes
-
-    # Links a resource with a PrivilegeSet
-    #
-    # An ArgumentError exception is thrown if the PrivilegeSet does not exist.
-    # To create PrivilegeSets, use the PrivilegeSet.add method
-    def resource(privilege_set, method, action="GET")
-      privilege_set = privilege_set.to_sym
-      @get_resources = Hash.new if @get_resources.nil?
-      @post_resources = Hash.new if @post_resources.nil?
-      action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
-      raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
-      action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
-      raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
-      case action_option[0]
-      when "GET"
-        (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
-        (@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
-      when "POST"
-        (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
-        (@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
-      else
-        raise "CBAC: This should never happen (incorrect HTTP action)"
-      end
-    end
-
-    # Make a privilege set dependant on other privilege set(s).
-    #
-    # Usage:
-    # Privilege.include :child_set, :base_set
-    # Privilege.include :child_set, [:base_set_1, :base_set_2]
-    #
-    # An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
-    def include(privilege_set, included_privilege_set)
-      @includes = Hash.new if @includes.nil?
-      child_set = privilege_set.to_sym
-      raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
-      included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
-      included_privilege_set.each do |base_set|
-        # Check for existence of PrivilegeSet
-        raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
-        # Adds the references
-        (@includes[base_set.to_sym] ||= Array.new) << child_set
-        # Copies existing resources
-        @get_resources.each do |method, privilege_sets|
-          resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
-        end
-        @post_resources.each do |method, privilege_sets|
-          resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
-        end
-      end
-    end
-      
-
-    def model_attribute
-
-    end
-    def model
-
-    end
-
-    # Finds the privilege sets associated with the given controller_method and
-    # action_type Valid values for action_type are "get", "post" and "put".
-    # "put" is converted into "post".
-    #
-    # Usage:
-    # Privilege.select "my_controller/action", :get
-    #
-    # Returns an array of PrivilegeSet objects
-    #
-    # If incorrect values are given for action_type the method will raise an
-    # ArgumentError. If the controller and action name are not found, an
-    # exception is being raised.
-    def select(controller_method, action_type)
-      action_type = action_type.to_s
-      post_methods = ["post", "put", "delete"]
-      if action_type == "get"
-        privilege_sets = Privilege.get_resources[controller_method]
-      else if post_methods.include?(action_type)
-          privilege_sets = Privilege.post_resources[controller_method]
-        else
-          raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
-        end
-      end
-      # Error handling if no privilege_sets were found
-      if privilege_sets.nil?
-        if action_type == "get"
-          if !Privilege.post_resources[controller_method].nil?
-            raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
-          end
-        else
-          if !Privilege.get_resources[controller_method].nil?
-            raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
-          end
-        end
-        raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
-          "Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
-      end
-      privilege_sets
-    end
-  end
-end
+# Class containing all the privileges
+#
+# To define a new controller method resource: Privilege.resource :privilegeset,
+# "controller/method"
+#
+class Privilege
+  class << self
+    attr_reader :get_resources, :post_resources, :model_attributes, :models
+
+    # The includes hash contains references to inheritence. The key points to the
+    # base class, the value is an array of children.
+    #
+    # Example:
+    # If Child inherits from Parent, then the structure would be:
+    # includes[:Parent] = [:Child]
+    attr_reader :includes
+
+    # Links a resource with a PrivilegeSet
+    #
+    # An ArgumentError exception is thrown if the PrivilegeSet does not exist.
+    # To create PrivilegeSets, use the PrivilegeSet.add method
+    def resource(privilege_set, method, action="GET")
+      privilege_set = privilege_set.to_sym
+      @get_resources = Hash.new if @get_resources.nil?
+      @post_resources = Hash.new if @post_resources.nil?
+      action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
+      raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
+      action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
+      raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
+      case action_option[0]
+      when "GET"
+        (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
+        (@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
+      when "POST"
+        (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
+        (@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
+      else
+        raise "CBAC: This should never happen (incorrect HTTP action)"
+      end
+    end
+
+    # Make a privilege set dependant on other privilege set(s).
+    #
+    # Usage:
+    # Privilege.include :child_set, :base_set
+    # Privilege.include :child_set, [:base_set_1, :base_set_2]
+    #
+    # An ArgumentError exception is thrown if any of the PrivilegeSet methods do not exist.
+    def include(privilege_set, included_privilege_set)
+      @includes = Hash.new if @includes.nil?
+      child_set = privilege_set.to_sym
+      raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
+      included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
+      included_privilege_set.each do |base_set|
+        # Check for existence of PrivilegeSet
+        raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
+        # Adds the references
+        (@includes[base_set.to_sym] ||= Array.new) << child_set
+        # Copies existing resources
+        @get_resources.each do |method, privilege_sets|
+          resource child_set, method, :get if privilege_sets.any? {|set| set.name == base_set.to_s}
+        end
+        @post_resources.each do |method, privilege_sets|
+          resource child_set, method, :post if privilege_sets.any? {|set| set.name == base_set.to_s}
+        end
+      end
+    end
+      
+
+    def model_attribute
+
+    end
+    def model
+
+    end
+
+    # Finds the privilege sets associated with the given controller_method and
+    # action_type Valid values for action_type are "get", "post" and "put".
+    # "put" is converted into "post".
+    #
+    # Usage:
+    # Privilege.select "my_controller/action", :get
+    #
+    # Returns an array of PrivilegeSet objects
+    #
+    # If incorrect values are given for action_type the method will raise an
+    # ArgumentError. If the controller and action name are not found, an
+    # exception is being raised.
+    def select(controller_method, action_type)
+      action_type = action_type.to_s
+      post_methods = ["post", "put", "delete"]
+      if action_type == "get"
+        privilege_sets = Privilege.get_resources[controller_method]
+      else if post_methods.include?(action_type)
+          privilege_sets = Privilege.post_resources[controller_method]
+        else
+          raise ArgumentError, "CBAC: Incorrect action_type: #{action_type}"
+        end
+      end
+      # Error handling if no privilege_sets were found
+      if privilege_sets.nil?
+        if action_type == "get"
+          if !Privilege.post_resources[controller_method].nil?
+            raise "CBAC: PrivilegeSets only exist for other action: post on method: #{controller_method}"
+          end
+        else
+          if !Privilege.get_resources[controller_method].nil?
+            raise "CBAC: PrivilegeSets only exist for other action: get on method: #{controller_method}"
+          end
+        end
+        raise "CBAC: Could not find any privilege sets associated with: #{controller_method} and action: #{action_type}" +
+          "Available GET resources:\n" + Privilege.get_resources.inject("") {|sum, (key, value)| sum + key.to_s + "\n"}
+      end
+      privilege_sets
+    end
+  end
+end