cbac 0.6.2 → 0.6.3

Sign up to get free protection for your applications and to get access to all the features.
Files changed (71) hide show
  1. data/Manifest +71 -70
  2. data/README.rdoc +51 -51
  3. data/Rakefile +39 -39
  4. data/cbac.gemspec +30 -30
  5. data/config/cbac/context_roles.rb +21 -21
  6. data/config/cbac/privileges.rb +50 -50
  7. data/context_roles.rb +21 -21
  8. data/init.rb +3 -3
  9. data/lib/cbac.rb +132 -132
  10. data/lib/cbac/cbac_pristine/pristine.rb +138 -138
  11. data/lib/cbac/cbac_pristine/pristine_file.rb +179 -173
  12. data/lib/cbac/cbac_pristine/pristine_permission.rb +205 -205
  13. data/lib/cbac/cbac_pristine/pristine_role.rb +43 -42
  14. data/lib/cbac/config.rb +9 -9
  15. data/lib/cbac/context_role.rb +27 -27
  16. data/lib/cbac/generic_role.rb +7 -6
  17. data/lib/cbac/known_permission.rb +15 -14
  18. data/lib/cbac/membership.rb +3 -3
  19. data/lib/cbac/permission.rb +5 -5
  20. data/lib/cbac/privilege.rb +117 -117
  21. data/lib/cbac/privilege_new_api.rb +56 -56
  22. data/lib/cbac/privilege_set.rb +29 -29
  23. data/lib/cbac/privilege_set_record.rb +6 -6
  24. data/lib/cbac/setup.rb +37 -37
  25. data/lib/generators/cbac/USAGE +33 -33
  26. data/lib/generators/cbac/cbac_generator.rb +75 -75
  27. data/lib/generators/cbac/copy_files/config/cbac.pristine +2 -2
  28. data/lib/generators/cbac/copy_files/config/context_roles.rb +17 -17
  29. data/lib/generators/cbac/copy_files/config/privileges.rb +25 -25
  30. data/lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb +30 -30
  31. data/lib/generators/cbac/copy_files/controllers/memberships_controller.rb +22 -22
  32. data/lib/generators/cbac/copy_files/controllers/permissions_controller.rb +61 -61
  33. data/lib/generators/cbac/copy_files/controllers/upgrade_controller.rb +23 -23
  34. data/lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml +9 -9
  35. data/lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml +8 -8
  36. data/lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml +8 -8
  37. data/lib/generators/cbac/copy_files/initializers/cbac_config.rb +4 -4
  38. data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +59 -59
  39. data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +40 -40
  40. data/lib/generators/cbac/copy_files/stylesheets/cbac.css +65 -65
  41. data/lib/generators/cbac/copy_files/tasks/cbac.rake +345 -345
  42. data/lib/generators/cbac/copy_files/views/generic_roles/index.html.erb +58 -58
  43. data/lib/generators/cbac/copy_files/views/layouts/cbac.html.erb +18 -18
  44. data/lib/generators/cbac/copy_files/views/memberships/_update.html.erb +11 -11
  45. data/lib/generators/cbac/copy_files/views/memberships/index.html.erb +23 -23
  46. data/lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb +11 -11
  47. data/lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb +11 -11
  48. data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +39 -39
  49. data/lib/generators/cbac/copy_files/views/upgrade/index.html.erb +31 -31
  50. data/migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb +16 -16
  51. data/privileges.rb +50 -50
  52. data/spec/cbac_pristine_file_spec.rb +329 -329
  53. data/spec/cbac_pristine_permission_spec.rb +358 -358
  54. data/spec/cbac_pristine_role_spec.rb +85 -85
  55. data/spec/rcov.opts +1 -1
  56. data/spec/spec.opts +4 -4
  57. data/spec/spec_helper.rb +11 -11
  58. data/tasks/cbac.rake +345 -345
  59. data/test/db/test.sqlite3 +0 -0
  60. data/test/fixtures/cbac_generic_roles.yml +9 -9
  61. data/test/fixtures/cbac_memberships.yml +8 -8
  62. data/test/fixtures/cbac_permissions.yml +14 -14
  63. data/test/fixtures/cbac_privilege_set.yml +18 -18
  64. data/test/test_cbac_actions.rb +71 -71
  65. data/test/test_cbac_authorize_context_roles.rb +39 -39
  66. data/test/test_cbac_authorize_generic_roles.rb +36 -36
  67. data/test/test_cbac_context_role.rb +50 -50
  68. data/test/test_cbac_privilege.rb +151 -151
  69. data/test/test_cbac_privilege_set.rb +50 -50
  70. data/test/test_helper.rb +28 -28
  71. metadata +33 -49
@@ -1,2 +1,2 @@
1
- 0:+:PrivilegeSet(login) ContextRole(everybody)
2
- 1:+:PrivilegeSet(cbac_administration) Admin()
1
+ 0:+:PrivilegeSet(login) ContextRole(everybody)
2
+ 1:+:PrivilegeSet(cbac_administration) Admin()
@@ -1,17 +1,17 @@
1
- ### context_roles.rb
2
- #
3
- # Defines the context roles for the CBAC system
4
- #
5
- include Cbac
6
- puts "Loading context_roles"
7
-
8
- # Defining context roles
9
- ContextRole.add :everybody do
10
- true
11
- end
12
- ContextRole.add :not_logged_in_user do |context|
13
- context.current_user.nil?
14
- end
15
- ContextRole.add :logged_in_user do |context|
16
- not context.current_user.nil?
17
- end
1
+ ### context_roles.rb
2
+ #
3
+ # Defines the context roles for the CBAC system
4
+ #
5
+ include Cbac
6
+ puts "Loading context_roles"
7
+
8
+ # Defining context roles
9
+ ContextRole.add :everybody do
10
+ true
11
+ end
12
+ ContextRole.add :not_logged_in_user do |context|
13
+ context.current_user.nil?
14
+ end
15
+ ContextRole.add :logged_in_user do |context|
16
+ not context.current_user.nil?
17
+ end
@@ -1,25 +1,25 @@
1
- ### Privileges.rb
2
- #
3
- # Defines the privilegesets and privileges for the CBAC system
4
- #
5
- include Cbac
6
- puts "Loading privilegesets"
7
-
8
- cbac do
9
- set :public, "Stuff that is always accessible" do
10
- # Insert public conroller/methods here
11
- end
12
-
13
- set :cbac_administration, "Allows administration of CBAC modules" do
14
- in_module :cbac do
15
- get "permissions", :index
16
- post "permissions", :create
17
- get "memberships", :index
18
- post "memberships", :create
19
- get "generic_roles", :index
20
- post "generic_roles", :update, :create, :delete
21
- get "upgrade", :index
22
- post "upgrade", :update
23
- end
24
- end
25
- end
1
+ ### Privileges.rb
2
+ #
3
+ # Defines the privilegesets and privileges for the CBAC system
4
+ #
5
+ include Cbac
6
+ puts "Loading privilegesets"
7
+
8
+ cbac do
9
+ set :public, "Stuff that is always accessible" do
10
+ # Insert public conroller/methods here
11
+ end
12
+
13
+ set :cbac_administration, "Allows administration of CBAC modules" do
14
+ in_module :cbac do
15
+ get "permissions", :index
16
+ post "permissions", :create
17
+ get "memberships", :index
18
+ post "memberships", :create
19
+ get "generic_roles", :index
20
+ post "generic_roles", :update, :create, :delete
21
+ get "upgrade", :index
22
+ post "upgrade", :update
23
+ end
24
+ end
25
+ end
@@ -1,30 +1,30 @@
1
- class Cbac::GenericRolesController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index
6
- # GET /index.xml
7
- def index
8
- end
9
-
10
- # POST /update
11
- def update
12
- @role = Cbac::GenericRole.find(params[:id])
13
- @role.update_attributes(params[:cbac_generic_role])
14
- redirect_to :action => "index"
15
- end
16
-
17
- # POST /create
18
- def create
19
- @role = Cbac::GenericRole.new(params[:cbac_generic_role])
20
- @role.save
21
- redirect_to :action => "index"
22
- end
23
-
24
- # POST /delete
25
- def delete
26
- @role = Cbac::GenericRole.find(params[:id])
27
- @role.delete
28
- redirect_to :action => "index"
29
- end
30
- end
1
+ class Cbac::GenericRolesController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index
6
+ # GET /index.xml
7
+ def index
8
+ end
9
+
10
+ # POST /update
11
+ def update
12
+ @role = Cbac::GenericRole.find(params[:id])
13
+ @role.update_attributes(params[:cbac_generic_role])
14
+ redirect_to :action => "index"
15
+ end
16
+
17
+ # POST /create
18
+ def create
19
+ @role = Cbac::GenericRole.new(params[:cbac_generic_role])
20
+ @role.save
21
+ redirect_to :action => "index"
22
+ end
23
+
24
+ # POST /delete
25
+ def delete
26
+ @role = Cbac::GenericRole.find(params[:id])
27
+ @role.delete
28
+ redirect_to :action => "index"
29
+ end
30
+ end
@@ -1,22 +1,22 @@
1
- class Cbac::MembershipsController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index
6
- # GET /index.xml
7
- def index
8
- @generic_roles = Cbac::GenericRole.find(:all)
9
- @users = User.find(:all)
10
- end
11
-
12
- # POST /update
13
- def update
14
- Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", params[:generic_role_id], params[:user_id]]).each{|p|p.delete}
15
- if params[:member].to_s == "1"
16
- Cbac::Membership.create(:generic_role_id => params[:generic_role_id], :user_id => params[:user_id])
17
- end
18
- role = Cbac::GenericRole.find(params[:generic_role_id])
19
- render :partial => "cbac/memberships/update.html", :locals => {:generic_role => role,
20
- :user_id => params[:user_id], :update_partial => true}
21
- end
22
- end
1
+ class Cbac::MembershipsController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index
6
+ # GET /index.xml
7
+ def index
8
+ @generic_roles = Cbac::GenericRole.find(:all)
9
+ @users = User.find(:all)
10
+ end
11
+
12
+ # POST /update
13
+ def update
14
+ Cbac::Membership.find(:all, :conditions => ["generic_role_id = ? AND user_id = ?", params[:generic_role_id], params[:user_id]]).each{|p|p.delete}
15
+ if params[:member].to_s == "1"
16
+ Cbac::Membership.create(:generic_role_id => params[:generic_role_id], :user_id => params[:user_id])
17
+ end
18
+ role = Cbac::GenericRole.find(params[:generic_role_id])
19
+ render :partial => "cbac/memberships/update.html", :locals => {:generic_role => role,
20
+ :user_id => params[:user_id], :update_partial => true}
21
+ end
22
+ end
@@ -1,61 +1,61 @@
1
- class Cbac::PermissionsController < ApplicationController
2
- # The layout used for all CBAC pages
3
- layout "cbac"
4
-
5
- # GET /index GET /index.xml
6
- def index
7
- if params[:role_substr] and params[:role_substr] != ""
8
- @context_roles = []
9
- @generic_roles = []
10
-
11
- params[:role_substr].split('|').each do |role_start|
12
- @context_roles += (ContextRole.roles.select {|key,value| !key.to_s.match(/^#{role_start}/).nil?}).collect{|key, value| [key, value]}
13
- @generic_roles += Cbac::GenericRole.find(:all).select {|role| !role.name.match(/^#{role_start}/).nil? }
14
- end
15
- else
16
- @context_roles = ContextRole.roles
17
- @generic_roles = Cbac::GenericRole.all
18
- end
19
-
20
- if params[:priv_substr] && params[:priv_substr] != ""
21
- @sets = []
22
- params[:priv_substr].split('|').each do |priv_start|
23
- @sets += PrivilegeSet.sets.select {|key, value| !key.to_s.match(/^#{priv_start}/).nil?}
24
- end
25
- else
26
- @sets = PrivilegeSet.sets
27
- end
28
- end
29
-
30
- def update
31
- unless params[:context_role].nil?
32
- update_context_role
33
- return
34
- end
35
- unless params[:generic_role_id].nil?
36
- update_generic_role
37
- end
38
- end
39
-
40
- private
41
-
42
- # POST /update
43
- def update_context_role
44
- Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", params[:context_role], params[:privilege_set_id]]).each{|p|p.delete}
45
- if params[:permission].to_s == "1"
46
- Cbac::Permission.create(:context_role => params[:context_role], :privilege_set_id => params[:privilege_set_id])
47
- end
48
- render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => params[:context_role],
49
- :set_id => params[:privilege_set_id], :update_partial => true}
50
- end
51
-
52
- def update_generic_role
53
- Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", params[:generic_role_id], params[:privilege_set_id]]).each{|p|p.delete}
54
- if params[:permission].to_s == "1"
55
- Cbac::Permission.create(:generic_role_id => params[:generic_role_id], :privilege_set_id => params[:privilege_set_id])
56
- end
57
- role = Cbac::GenericRole.find(params[:generic_role_id])
58
- render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role =>role,
59
- :set_id => params[:privilege_set_id], :update_partial => true}
60
- end
61
- end
1
+ class Cbac::PermissionsController < ApplicationController
2
+ # The layout used for all CBAC pages
3
+ layout "cbac"
4
+
5
+ # GET /index GET /index.xml
6
+ def index
7
+ if params[:role_substr] and params[:role_substr] != ""
8
+ @context_roles = []
9
+ @generic_roles = []
10
+
11
+ params[:role_substr].split('|').each do |role_start|
12
+ @context_roles += (ContextRole.roles.select {|key,value| !key.to_s.match(/^#{role_start}/).nil?}).collect{|key, value| [key, value]}
13
+ @generic_roles += Cbac::GenericRole.find(:all).select {|role| !role.name.match(/^#{role_start}/).nil? }
14
+ end
15
+ else
16
+ @context_roles = ContextRole.roles
17
+ @generic_roles = Cbac::GenericRole.all
18
+ end
19
+
20
+ if params[:priv_substr] && params[:priv_substr] != ""
21
+ @sets = []
22
+ params[:priv_substr].split('|').each do |priv_start|
23
+ @sets += PrivilegeSet.sets.select {|key, value| !key.to_s.match(/^#{priv_start}/).nil?}
24
+ end
25
+ else
26
+ @sets = PrivilegeSet.sets
27
+ end
28
+ end
29
+
30
+ def update
31
+ unless params[:context_role].nil?
32
+ update_context_role
33
+ return
34
+ end
35
+ unless params[:generic_role_id].nil?
36
+ update_generic_role
37
+ end
38
+ end
39
+
40
+ private
41
+
42
+ # POST /update
43
+ def update_context_role
44
+ Cbac::Permission.find(:all, :conditions => ["context_role = ? AND privilege_set_id = ?", params[:context_role], params[:privilege_set_id]]).each{|p|p.delete}
45
+ if params[:permission].to_s == "1"
46
+ Cbac::Permission.create(:context_role => params[:context_role], :privilege_set_id => params[:privilege_set_id])
47
+ end
48
+ render :partial => "cbac/permissions/update_context_role.html", :locals => {:context_role => params[:context_role],
49
+ :set_id => params[:privilege_set_id], :update_partial => true}
50
+ end
51
+
52
+ def update_generic_role
53
+ Cbac::Permission.find(:all, :conditions => ["generic_role_id = ? AND privilege_set_id = ?", params[:generic_role_id], params[:privilege_set_id]]).each{|p|p.delete}
54
+ if params[:permission].to_s == "1"
55
+ Cbac::Permission.create(:generic_role_id => params[:generic_role_id], :privilege_set_id => params[:privilege_set_id])
56
+ end
57
+ role = Cbac::GenericRole.find(params[:generic_role_id])
58
+ render :partial => "cbac/permissions/update_generic_role.html", :locals => {:role =>role,
59
+ :set_id => params[:privilege_set_id], :update_partial => true}
60
+ end
61
+ end
@@ -1,24 +1,24 @@
1
- class Cbac::UpgradeController < ApplicationController
2
-
3
- layout 'cbac'
4
-
5
- def index
6
- @permissions = Cbac::CbacPristine::PristinePermission.all
7
- end
8
-
9
- def update
10
-
11
- params[:permissions].each do |perm_array|
12
- next if perm_array[1][:action] == 'leave'
13
- permission = Cbac::CbacPristine::PristinePermission.find(perm_array[1][:id])
14
- case perm_array[1][:action]
15
- when 'accept'
16
- permission.accept
17
- when 'reject'
18
- permission.reject
19
- end
20
- end
21
- redirect_to :action => :index
22
-
23
- end
1
+ class Cbac::UpgradeController < ApplicationController
2
+
3
+ layout 'cbac'
4
+
5
+ def index
6
+ @permissions = Cbac::CbacPristine::PristinePermission.all
7
+ end
8
+
9
+ def update
10
+
11
+ params[:permissions].each do |perm_array|
12
+ next if perm_array[1][:action] == 'leave'
13
+ permission = Cbac::CbacPristine::PristinePermission.find(perm_array[1][:id])
14
+ case perm_array[1][:action]
15
+ when 'accept'
16
+ permission.accept
17
+ when 'reject'
18
+ permission.reject
19
+ end
20
+ end
21
+ redirect_to :action => :index
22
+
23
+ end
24
24
  end
@@ -1,9 +1,9 @@
1
- ###
2
- # Context
3
- ## YAML template for the generic roles
4
-
5
- one:
6
- id: 1
7
- name: administrator
8
- remarks: Administrators role. Grants full access to the entire system.
9
-
1
+ ###
2
+ # Context
3
+ ## YAML template for the generic roles
4
+
5
+ one:
6
+ id: 1
7
+ name: administrator
8
+ remarks: Administrators role. Grants full access to the entire system.
9
+
@@ -1,8 +1,8 @@
1
- ###
2
- # Context
3
- ## YAML template for the memberships
4
-
5
- # Making the first user member of the administrator group
6
- one:
7
- user_id: 1
8
- generic_role_id: 1
1
+ ###
2
+ # Context
3
+ ## YAML template for the memberships
4
+
5
+ # Making the first user member of the administrator group
6
+ one:
7
+ user_id: 1
8
+ generic_role_id: 1
@@ -1,8 +1,8 @@
1
- ###
2
- # Context
3
- ## YAML template for the permissions
4
- <% PrivilegeSet.sets.each do |set| %>
5
- fix_<%= set.id %>:
6
- generic_role_id: 1
7
- privilege_set_id: <%= set.id %>
8
- <% end %>
1
+ ###
2
+ # Context
3
+ ## YAML template for the permissions
4
+ <% PrivilegeSet.sets.each do |set| %>
5
+ fix_<%= set.id %>:
6
+ generic_role_id: 1
7
+ privilege_set_id: <%= set.id %>
8
+ <% end %>
@@ -1,4 +1,4 @@
1
- puts "Initializing CBAC..."
2
- include Cbac
3
- Cbac::cbac_boot!
4
- puts "CBAC initialized"
1
+ puts "Initializing CBAC..."
2
+ include Cbac
3
+ Cbac::cbac_boot!
4
+ puts "CBAC initialized"
@@ -1,59 +1,59 @@
1
- class CreateCbacFromScratch < ActiveRecord::Migration
2
- def self.up
3
- create_table :cbac_permissions do |t|
4
- t.integer :generic_role_id, :default => 0
5
- t.string :context_role
6
- t.integer :privilege_set_id
7
- t.timestamps
8
- end
9
-
10
- create_table :cbac_generic_roles do |t|
11
- t.string :name
12
- t.text :remarks
13
- t.timestamps
14
- end
15
-
16
- create_table :cbac_memberships do |t|
17
- t.integer :user_id
18
- t.integer :generic_role_id
19
- t.timestamps
20
- end
21
-
22
- create_table :cbac_privilege_set do |t|
23
- t.string :name
24
- t.string :comment
25
- t.timestamps
26
- end
27
-
28
- create_table :cbac_staged_permissions do |t|
29
- t.integer :pristine_role_id
30
- t.string :privilege_set_name
31
- t.integer :line_number
32
- t.string :comment
33
- t.text :operation, :limit => 2
34
- t.timestamps
35
- end
36
-
37
- create_table :cbac_staged_roles do |t|
38
- t.string :role_type
39
- t.string :name
40
- t.integer :role_id
41
- t.timestamps
42
- end
43
-
44
- create_table :cbac_known_permissions do |t|
45
- t.integer :permission_number, :null => :no
46
- t.integer :permission_type, :default => 0
47
- end
48
- end
49
-
50
- def self.down
51
- drop_table :cbac_permissions
52
- drop_table :cbac_generic_roles
53
- drop_table :cbac_memberships
54
- drop_table :cbac_privilege_set
55
- drop_table :cbac_staged_permissions
56
- drop_table :cbac_staged_roles
57
- drop_table :cbac_known_permission
58
- end
59
- end
1
+ class CreateCbacFromScratch < ActiveRecord::Migration
2
+ def self.up
3
+ create_table :cbac_permissions do |t|
4
+ t.integer :generic_role_id, :default => 0
5
+ t.string :context_role
6
+ t.integer :privilege_set_id
7
+ t.timestamps
8
+ end
9
+
10
+ create_table :cbac_generic_roles do |t|
11
+ t.string :name
12
+ t.text :remarks
13
+ t.timestamps
14
+ end
15
+
16
+ create_table :cbac_memberships do |t|
17
+ t.integer :user_id
18
+ t.integer :generic_role_id
19
+ t.timestamps
20
+ end
21
+
22
+ create_table :cbac_privilege_set do |t|
23
+ t.string :name
24
+ t.string :comment
25
+ t.timestamps
26
+ end
27
+
28
+ create_table :cbac_staged_permissions do |t|
29
+ t.integer :pristine_role_id
30
+ t.string :privilege_set_name
31
+ t.integer :line_number
32
+ t.string :comment
33
+ t.text :operation, :limit => 2
34
+ t.timestamps
35
+ end
36
+
37
+ create_table :cbac_staged_roles do |t|
38
+ t.string :role_type
39
+ t.string :name
40
+ t.integer :role_id
41
+ t.timestamps
42
+ end
43
+
44
+ create_table :cbac_known_permissions do |t|
45
+ t.integer :permission_number, :null => :no
46
+ t.integer :permission_type, :default => 0
47
+ end
48
+ end
49
+
50
+ def self.down
51
+ drop_table :cbac_permissions
52
+ drop_table :cbac_generic_roles
53
+ drop_table :cbac_memberships
54
+ drop_table :cbac_privilege_set
55
+ drop_table :cbac_staged_permissions
56
+ drop_table :cbac_staged_roles
57
+ drop_table :cbac_known_permission
58
+ end
59
+ end