cbac 0.6.5 → 0.6.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/Gemfile +2 -0
- data/Gemfile.lock +92 -0
- data/Manifest +5 -2
- data/cbac.gemspec +9 -5
- data/lib/cbac.rb +12 -9
- data/lib/cbac/cbac_pristine/pristine_permission.rb +1 -2
- data/lib/cbac/privilege.rb +9 -10
- data/lib/cbac/setup.rb +9 -9
- data/lib/cbac/version.rb +3 -0
- data/lib/generators/cbac/cbac_generator.rb +2 -8
- data/lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb +55 -32
- data/lib/generators/cbac/copy_files/views/permissions/index.html.erb +1 -1
- data/spec/cbac_authorization_check_spec.rb +70 -0
- data/spec/cbac_pristine_file_spec.rb +20 -27
- data/spec/cbac_pristine_permission_spec.rb +168 -132
- data/spec/cbac_pristine_role_spec.rb +1 -8
- data/spec/fixtures/controllers/dating/daughter_controller.rb +11 -0
- data/spec/spec_helper.rb +35 -10
- data/spec/support/schema.rb +30 -0
- data/test/test_cbac_privilege.rb +13 -9
- metadata +74 -9
- data/lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb +0 -40
- data/test/test_cbac_authorize_context_roles.rb +0 -39
data/Gemfile
CHANGED
data/Gemfile.lock
CHANGED
|
@@ -2,28 +2,120 @@ PATH
|
|
|
2
2
|
remote: .
|
|
3
3
|
specs:
|
|
4
4
|
cbac (0.6.5)
|
|
5
|
+
rails (>= 3.0)
|
|
5
6
|
|
|
6
7
|
GEM
|
|
8
|
+
remote: https://rubygems.org/
|
|
7
9
|
specs:
|
|
10
|
+
actionmailer (3.2.10)
|
|
11
|
+
actionpack (= 3.2.10)
|
|
12
|
+
mail (~> 2.4.4)
|
|
13
|
+
actionpack (3.2.10)
|
|
14
|
+
activemodel (= 3.2.10)
|
|
15
|
+
activesupport (= 3.2.10)
|
|
16
|
+
builder (~> 3.0.0)
|
|
17
|
+
erubis (~> 2.7.0)
|
|
18
|
+
journey (~> 1.0.4)
|
|
19
|
+
rack (~> 1.4.0)
|
|
20
|
+
rack-cache (~> 1.2)
|
|
21
|
+
rack-test (~> 0.6.1)
|
|
22
|
+
sprockets (~> 2.2.1)
|
|
23
|
+
activemodel (3.2.10)
|
|
24
|
+
activesupport (= 3.2.10)
|
|
25
|
+
builder (~> 3.0.0)
|
|
26
|
+
activerecord (3.2.10)
|
|
27
|
+
activemodel (= 3.2.10)
|
|
28
|
+
activesupport (= 3.2.10)
|
|
29
|
+
arel (~> 3.0.2)
|
|
30
|
+
tzinfo (~> 0.3.29)
|
|
31
|
+
activeresource (3.2.10)
|
|
32
|
+
activemodel (= 3.2.10)
|
|
33
|
+
activesupport (= 3.2.10)
|
|
34
|
+
activesupport (3.2.10)
|
|
35
|
+
i18n (~> 0.6)
|
|
36
|
+
multi_json (~> 1.0)
|
|
8
37
|
allison (2.0.3)
|
|
38
|
+
arel (3.0.2)
|
|
39
|
+
builder (3.0.4)
|
|
40
|
+
database_cleaner (0.9.1)
|
|
41
|
+
diff-lcs (1.1.3)
|
|
9
42
|
echoe (4.6.3)
|
|
10
43
|
allison (>= 2.0.3)
|
|
11
44
|
gemcutter (>= 0.7.0)
|
|
12
45
|
rake (>= 0.9.2)
|
|
13
46
|
rdoc (>= 3.6.1)
|
|
14
47
|
rubyforge (>= 2.0.4)
|
|
48
|
+
erubis (2.7.0)
|
|
15
49
|
gemcutter (0.7.1)
|
|
50
|
+
hike (1.2.1)
|
|
51
|
+
i18n (0.6.1)
|
|
52
|
+
journey (1.0.4)
|
|
16
53
|
json (1.7.5)
|
|
17
54
|
json_pure (1.7.5)
|
|
55
|
+
mail (2.4.4)
|
|
56
|
+
i18n (>= 0.4.0)
|
|
57
|
+
mime-types (~> 1.16)
|
|
58
|
+
treetop (~> 1.4.8)
|
|
59
|
+
mime-types (1.19)
|
|
60
|
+
multi_json (1.5.0)
|
|
61
|
+
polyglot (0.3.3)
|
|
62
|
+
rack (1.4.3)
|
|
63
|
+
rack-cache (1.2)
|
|
64
|
+
rack (>= 0.4)
|
|
65
|
+
rack-ssl (1.3.2)
|
|
66
|
+
rack
|
|
67
|
+
rack-test (0.6.2)
|
|
68
|
+
rack (>= 1.0)
|
|
69
|
+
rails (3.2.10)
|
|
70
|
+
actionmailer (= 3.2.10)
|
|
71
|
+
actionpack (= 3.2.10)
|
|
72
|
+
activerecord (= 3.2.10)
|
|
73
|
+
activeresource (= 3.2.10)
|
|
74
|
+
activesupport (= 3.2.10)
|
|
75
|
+
bundler (~> 1.0)
|
|
76
|
+
railties (= 3.2.10)
|
|
77
|
+
railties (3.2.10)
|
|
78
|
+
actionpack (= 3.2.10)
|
|
79
|
+
activesupport (= 3.2.10)
|
|
80
|
+
rack-ssl (~> 1.3.2)
|
|
81
|
+
rake (>= 0.8.7)
|
|
82
|
+
rdoc (~> 3.4)
|
|
83
|
+
thor (>= 0.14.6, < 2.0)
|
|
18
84
|
rake (0.9.2.2)
|
|
19
85
|
rdoc (3.12)
|
|
20
86
|
json (~> 1.4)
|
|
87
|
+
rspec-core (2.12.2)
|
|
88
|
+
rspec-expectations (2.12.1)
|
|
89
|
+
diff-lcs (~> 1.1.3)
|
|
90
|
+
rspec-mocks (2.12.1)
|
|
91
|
+
rspec-rails (2.12.1)
|
|
92
|
+
actionpack (>= 3.0)
|
|
93
|
+
activesupport (>= 3.0)
|
|
94
|
+
railties (>= 3.0)
|
|
95
|
+
rspec-core (~> 2.12.0)
|
|
96
|
+
rspec-expectations (~> 2.12.0)
|
|
97
|
+
rspec-mocks (~> 2.12.0)
|
|
21
98
|
rubyforge (2.0.4)
|
|
22
99
|
json_pure (>= 1.1.7)
|
|
100
|
+
sprockets (2.2.2)
|
|
101
|
+
hike (~> 1.2)
|
|
102
|
+
multi_json (~> 1.0)
|
|
103
|
+
rack (~> 1.0)
|
|
104
|
+
tilt (~> 1.1, != 1.3.0)
|
|
105
|
+
sqlite3 (1.3.6)
|
|
106
|
+
thor (0.16.0)
|
|
107
|
+
tilt (1.3.3)
|
|
108
|
+
treetop (1.4.12)
|
|
109
|
+
polyglot
|
|
110
|
+
polyglot (>= 0.3.1)
|
|
111
|
+
tzinfo (0.3.35)
|
|
23
112
|
|
|
24
113
|
PLATFORMS
|
|
25
114
|
ruby
|
|
26
115
|
|
|
27
116
|
DEPENDENCIES
|
|
28
117
|
cbac!
|
|
118
|
+
database_cleaner
|
|
29
119
|
echoe
|
|
120
|
+
rspec-rails
|
|
121
|
+
sqlite3
|
data/Manifest
CHANGED
|
@@ -3,6 +3,7 @@ Gemfile.lock
|
|
|
3
3
|
Manifest
|
|
4
4
|
README.rdoc
|
|
5
5
|
Rakefile
|
|
6
|
+
cbac.gemspec
|
|
6
7
|
config/cbac/context_roles.rb
|
|
7
8
|
config/cbac/privileges.rb
|
|
8
9
|
context_roles.rb
|
|
@@ -23,6 +24,7 @@ lib/cbac/privilege_new_api.rb
|
|
|
23
24
|
lib/cbac/privilege_set.rb
|
|
24
25
|
lib/cbac/privilege_set_record.rb
|
|
25
26
|
lib/cbac/setup.rb
|
|
27
|
+
lib/cbac/version.rb
|
|
26
28
|
lib/generators/cbac/USAGE
|
|
27
29
|
lib/generators/cbac/cbac_generator.rb
|
|
28
30
|
lib/generators/cbac/copy_files/config/cbac.pristine
|
|
@@ -37,7 +39,6 @@ lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml
|
|
|
37
39
|
lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml
|
|
38
40
|
lib/generators/cbac/copy_files/initializers/cbac_config.rb
|
|
39
41
|
lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb
|
|
40
|
-
lib/generators/cbac/copy_files/migrate/create_cbac_upgrade_path.rb
|
|
41
42
|
lib/generators/cbac/copy_files/stylesheets/cbac.css
|
|
42
43
|
lib/generators/cbac/copy_files/tasks/cbac.rake
|
|
43
44
|
lib/generators/cbac/copy_files/views/generic_roles/index.html.erb
|
|
@@ -51,19 +52,21 @@ lib/generators/cbac/copy_files/views/upgrade/index.html.erb
|
|
|
51
52
|
migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb
|
|
52
53
|
privileges.rb
|
|
53
54
|
rails/init.rb
|
|
55
|
+
spec/cbac_authorization_check_spec.rb
|
|
54
56
|
spec/cbac_pristine_file_spec.rb
|
|
55
57
|
spec/cbac_pristine_permission_spec.rb
|
|
56
58
|
spec/cbac_pristine_role_spec.rb
|
|
59
|
+
spec/fixtures/controllers/dating/daughter_controller.rb
|
|
57
60
|
spec/rcov.opts
|
|
58
61
|
spec/spec.opts
|
|
59
62
|
spec/spec_helper.rb
|
|
63
|
+
spec/support/schema.rb
|
|
60
64
|
tasks/cbac.rake
|
|
61
65
|
test/fixtures/cbac_generic_roles.yml
|
|
62
66
|
test/fixtures/cbac_memberships.yml
|
|
63
67
|
test/fixtures/cbac_permissions.yml
|
|
64
68
|
test/fixtures/cbac_privilege_set.yml
|
|
65
69
|
test/test_cbac_actions.rb
|
|
66
|
-
test/test_cbac_authorize_context_roles.rb
|
|
67
70
|
test/test_cbac_authorize_generic_roles.rb
|
|
68
71
|
test/test_cbac_context_role.rb
|
|
69
72
|
test/test_cbac_privilege.rb
|
data/cbac.gemspec
CHANGED
|
@@ -2,27 +2,31 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = "cbac"
|
|
5
|
-
s.version = "0.6.
|
|
5
|
+
s.version = "0.6.7"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 1.2") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Bert Meerman"]
|
|
9
|
-
s.date = "
|
|
9
|
+
s.date = "2013-01-09"
|
|
10
10
|
s.description = "Simple authorization system for Rails applications. Allows you to develop applications with a mixed role based authorization and a context based authorization model. Does not supply authentication."
|
|
11
11
|
s.email = "bertm@rubyforge.org"
|
|
12
|
-
s.extra_rdoc_files = ["README.rdoc", "lib/cbac.rb", "lib/cbac/cbac_pristine/pristine.rb", "lib/cbac/cbac_pristine/pristine_file.rb", "lib/cbac/cbac_pristine/pristine_permission.rb", "lib/cbac/cbac_pristine/pristine_role.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/known_permission.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_new_api.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "lib/generators/cbac/USAGE", "lib/generators/cbac/cbac_generator.rb", "lib/generators/cbac/copy_files/config/cbac.pristine", "lib/generators/cbac/copy_files/config/context_roles.rb", "lib/generators/cbac/copy_files/config/privileges.rb", "lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb", "lib/generators/cbac/copy_files/controllers/memberships_controller.rb", "lib/generators/cbac/copy_files/controllers/permissions_controller.rb", "lib/generators/cbac/copy_files/controllers/upgrade_controller.rb", "lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml", "lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml", "lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml", "lib/generators/cbac/copy_files/initializers/cbac_config.rb", "lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb", "lib/generators/cbac/copy_files/
|
|
13
|
-
s.files = ["Gemfile", "Gemfile.lock", "
|
|
12
|
+
s.extra_rdoc_files = ["README.rdoc", "lib/cbac.rb", "lib/cbac/cbac_pristine/pristine.rb", "lib/cbac/cbac_pristine/pristine_file.rb", "lib/cbac/cbac_pristine/pristine_permission.rb", "lib/cbac/cbac_pristine/pristine_role.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/known_permission.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_new_api.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "lib/cbac/version.rb", "lib/generators/cbac/USAGE", "lib/generators/cbac/cbac_generator.rb", "lib/generators/cbac/copy_files/config/cbac.pristine", "lib/generators/cbac/copy_files/config/context_roles.rb", "lib/generators/cbac/copy_files/config/privileges.rb", "lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb", "lib/generators/cbac/copy_files/controllers/memberships_controller.rb", "lib/generators/cbac/copy_files/controllers/permissions_controller.rb", "lib/generators/cbac/copy_files/controllers/upgrade_controller.rb", "lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml", "lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml", "lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml", "lib/generators/cbac/copy_files/initializers/cbac_config.rb", "lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb", "lib/generators/cbac/copy_files/stylesheets/cbac.css", "lib/generators/cbac/copy_files/tasks/cbac.rake", "lib/generators/cbac/copy_files/views/generic_roles/index.html.erb", "lib/generators/cbac/copy_files/views/layouts/cbac.html.erb", "lib/generators/cbac/copy_files/views/memberships/_update.html.erb", "lib/generators/cbac/copy_files/views/memberships/index.html.erb", "lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb", "lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb", "lib/generators/cbac/copy_files/views/permissions/index.html.erb", "lib/generators/cbac/copy_files/views/upgrade/index.html.erb", "tasks/cbac.rake"]
|
|
13
|
+
s.files = ["Gemfile", "Gemfile.lock", "README.rdoc", "Rakefile", "cbac.gemspec", "config/cbac/context_roles.rb", "config/cbac/privileges.rb", "context_roles.rb", "init.rb", "lib/cbac.rb", "lib/cbac/cbac_pristine/pristine.rb", "lib/cbac/cbac_pristine/pristine_file.rb", "lib/cbac/cbac_pristine/pristine_permission.rb", "lib/cbac/cbac_pristine/pristine_role.rb", "lib/cbac/config.rb", "lib/cbac/context_role.rb", "lib/cbac/generic_role.rb", "lib/cbac/known_permission.rb", "lib/cbac/membership.rb", "lib/cbac/permission.rb", "lib/cbac/privilege.rb", "lib/cbac/privilege_new_api.rb", "lib/cbac/privilege_set.rb", "lib/cbac/privilege_set_record.rb", "lib/cbac/setup.rb", "lib/cbac/version.rb", "lib/generators/cbac/USAGE", "lib/generators/cbac/cbac_generator.rb", "lib/generators/cbac/copy_files/config/cbac.pristine", "lib/generators/cbac/copy_files/config/context_roles.rb", "lib/generators/cbac/copy_files/config/privileges.rb", "lib/generators/cbac/copy_files/controllers/generic_roles_controller.rb", "lib/generators/cbac/copy_files/controllers/memberships_controller.rb", "lib/generators/cbac/copy_files/controllers/permissions_controller.rb", "lib/generators/cbac/copy_files/controllers/upgrade_controller.rb", "lib/generators/cbac/copy_files/fixtures/cbac_generic_roles.yml", "lib/generators/cbac/copy_files/fixtures/cbac_memberships.yml", "lib/generators/cbac/copy_files/fixtures/cbac_permissions.yml", "lib/generators/cbac/copy_files/initializers/cbac_config.rb", "lib/generators/cbac/copy_files/migrate/create_cbac_from_scratch.rb", "lib/generators/cbac/copy_files/stylesheets/cbac.css", "lib/generators/cbac/copy_files/tasks/cbac.rake", "lib/generators/cbac/copy_files/views/generic_roles/index.html.erb", "lib/generators/cbac/copy_files/views/layouts/cbac.html.erb", "lib/generators/cbac/copy_files/views/memberships/_update.html.erb", "lib/generators/cbac/copy_files/views/memberships/index.html.erb", "lib/generators/cbac/copy_files/views/permissions/_update_context_role.html.erb", "lib/generators/cbac/copy_files/views/permissions/_update_generic_role.html.erb", "lib/generators/cbac/copy_files/views/permissions/index.html.erb", "lib/generators/cbac/copy_files/views/upgrade/index.html.erb", "migrations/20110211105533_add_pristine_files_to_cbac_upgrade_path.rb", "privileges.rb", "rails/init.rb", "spec/cbac_authorization_check_spec.rb", "spec/cbac_pristine_file_spec.rb", "spec/cbac_pristine_permission_spec.rb", "spec/cbac_pristine_role_spec.rb", "spec/fixtures/controllers/dating/daughter_controller.rb", "spec/rcov.opts", "spec/spec.opts", "spec/spec_helper.rb", "spec/support/schema.rb", "tasks/cbac.rake", "test/fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_memberships.yml", "test/fixtures/cbac_permissions.yml", "test/fixtures/cbac_privilege_set.yml", "test/test_cbac_actions.rb", "test/test_cbac_authorize_generic_roles.rb", "test/test_cbac_context_role.rb", "test/test_cbac_privilege.rb", "test/test_cbac_privilege_set.rb", "test/test_helper.rb", "Manifest"]
|
|
14
14
|
s.homepage = "http://cbac.rubyforge.org"
|
|
15
15
|
s.rdoc_options = ["--line-numbers", "--inline-source", "--title", "Cbac", "--main", "README.rdoc"]
|
|
16
16
|
s.require_paths = ["lib"]
|
|
17
17
|
s.rubyforge_project = "cbac"
|
|
18
18
|
s.rubygems_version = "1.8.24"
|
|
19
19
|
s.summary = "CBAC - Simple authorization system for Rails applications."
|
|
20
|
-
s.test_files = ["test/test_cbac_privilege.rb", "test/test_cbac_context_role.rb", "test/test_helper.rb", "test/test_cbac_actions.rb", "test/test_cbac_privilege_set.rb", "test/
|
|
20
|
+
s.test_files = ["test/test_cbac_privilege.rb", "test/test_cbac_context_role.rb", "test/test_helper.rb", "test/test_cbac_actions.rb", "test/test_cbac_privilege_set.rb", "test/test_cbac_authorize_generic_roles.rb"]
|
|
21
21
|
|
|
22
22
|
if s.respond_to? :specification_version then
|
|
23
23
|
s.specification_version = 3
|
|
24
24
|
|
|
25
25
|
if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
|
|
26
|
+
s.add_dependency("rails", ">= 3.0")
|
|
27
|
+
s.add_development_dependency("rspec-rails")
|
|
28
|
+
s.add_development_dependency("sqlite3")
|
|
29
|
+
s.add_development_dependency("database_cleaner")
|
|
26
30
|
else
|
|
27
31
|
end
|
|
28
32
|
else
|
data/lib/cbac.rb
CHANGED
|
@@ -1,3 +1,5 @@
|
|
|
1
|
+
require "active_record"
|
|
2
|
+
|
|
1
3
|
# TODO: Check the permission table for double entries, ie: both an entry in the
|
|
2
4
|
# generic_role_id field and an entry in the context_role field. Solution: solve
|
|
3
5
|
# via model. Update model & add test
|
|
@@ -27,13 +29,6 @@ module Cbac
|
|
|
27
29
|
def cbac_boot!
|
|
28
30
|
if Cbac::Setup.check
|
|
29
31
|
puts "CBAC properly installed"
|
|
30
|
-
|
|
31
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege'))
|
|
32
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/privilege_set'))
|
|
33
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/context_role'))
|
|
34
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine'))
|
|
35
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_file'))
|
|
36
|
-
require File.expand_path(File.join(File.dirname(__FILE__), '/cbac/cbac_pristine/pristine_permission'))
|
|
37
32
|
|
|
38
33
|
# check performs a check to see if the user is allowed to access the given
|
|
39
34
|
# resource. Example: authorization_check("BlogController", "index", :get)
|
|
@@ -55,7 +50,13 @@ module Cbac
|
|
|
55
50
|
# Check the given privilege_sets
|
|
56
51
|
def check_privilege_sets(privilege_sets, context = {})
|
|
57
52
|
# Check the generic roles
|
|
58
|
-
return true if privilege_sets.any? { |set|
|
|
53
|
+
return true if privilege_sets.any? { |set|
|
|
54
|
+
Cbac::GenericRole.joins(:generic_role_members, :permissions).exists?(
|
|
55
|
+
'cbac_memberships.user_id' => current_user,
|
|
56
|
+
'cbac_permissions.privilege_set_id' => set.id
|
|
57
|
+
)
|
|
58
|
+
}
|
|
59
|
+
|
|
59
60
|
# Check the context roles Get the permissions
|
|
60
61
|
privilege_sets.collect{|privilege_set|Cbac::Permission.find(:all, :conditions => ["privilege_set_id = ? AND generic_role_id = 0", privilege_set.id.to_s])}.flatten.each do |permission|
|
|
61
62
|
puts "Checking for context_role:#{permission.context_role} on privilege_set:#{permission.privilege_set.name}" if Cbac::Config.verbose
|
|
@@ -64,7 +65,9 @@ module Cbac
|
|
|
64
65
|
return true if eval_string.call(context)
|
|
65
66
|
rescue Exception => e
|
|
66
67
|
puts "Error in context role: #{permission.context_role} on privilege_set: #{permission.privilege_set.name}. Context: #{context}"
|
|
67
|
-
|
|
68
|
+
if %w{development test}.include? Rails.env
|
|
69
|
+
raise e # In development mode, this should crash as hard as possible, but in further stages, it should not
|
|
70
|
+
end
|
|
68
71
|
end
|
|
69
72
|
end
|
|
70
73
|
# not authorized
|
|
@@ -151,9 +151,8 @@ module Cbac
|
|
|
151
151
|
end
|
|
152
152
|
|
|
153
153
|
line_numbers.each do |number|
|
|
154
|
-
Cbac::KnownPermission.
|
|
154
|
+
Cbac::KnownPermission.where(:permission_number => number, :permission_type => pristine_role.known_permission_type).first_or_create
|
|
155
155
|
end
|
|
156
|
-
|
|
157
156
|
end
|
|
158
157
|
|
|
159
158
|
# add this permission to the staging area
|
data/lib/cbac/privilege.rb
CHANGED
|
@@ -24,16 +24,16 @@ class Privilege
|
|
|
24
24
|
@get_resources = Hash.new if @get_resources.nil?
|
|
25
25
|
@post_resources = Hash.new if @post_resources.nil?
|
|
26
26
|
action_aliases = {"GET" => ["GET", "get", "g","idempotent"], "POST" => ["POST", "post", "p"]}
|
|
27
|
-
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless PrivilegeSet.sets.include?(privilege_set)
|
|
27
|
+
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{privilege_set}" unless Cbac::PrivilegeSet.sets.include?(privilege_set)
|
|
28
28
|
action_option = action_aliases.find { |name, aliases| aliases.include?(action.to_s) }
|
|
29
29
|
raise ArgumentError, "CBAC: Wrong value for argument 'action' in Privilege.resource: #{action}" if action_option.nil?
|
|
30
30
|
case action_option[0]
|
|
31
31
|
when "GET"
|
|
32
|
-
(@get_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
|
|
33
|
-
(@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
|
|
32
|
+
(@get_resources[method] ||= Array.new) << Cbac::PrivilegeSet.sets[privilege_set]
|
|
33
|
+
(@includes[privilege_set] || Array.new).each {|child_set| (@get_resources[method] ||= Array.new) << Cbac::PrivilegeSet.sets[child_set]} unless @includes.nil?
|
|
34
34
|
when "POST"
|
|
35
|
-
(@post_resources[method] ||= Array.new) << PrivilegeSet.sets[privilege_set]
|
|
36
|
-
(@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << PrivilegeSet.sets[child_set]} unless @includes.nil?
|
|
35
|
+
(@post_resources[method] ||= Array.new) << Cbac::PrivilegeSet.sets[privilege_set]
|
|
36
|
+
(@includes[privilege_set] || Array.new).each {|child_set| (@post_resources[method] ||= Array.new) << Cbac::PrivilegeSet.sets[child_set]} unless @includes.nil?
|
|
37
37
|
else
|
|
38
38
|
raise "CBAC: This should never happen (incorrect HTTP action)"
|
|
39
39
|
end
|
|
@@ -49,11 +49,11 @@ class Privilege
|
|
|
49
49
|
def include(privilege_set, included_privilege_set)
|
|
50
50
|
@includes = Hash.new if @includes.nil?
|
|
51
51
|
child_set = privilege_set.to_sym
|
|
52
|
-
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless PrivilegeSet.sets.include?(child_set)
|
|
52
|
+
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{child_set}" unless Cbac::PrivilegeSet.sets.include?(child_set)
|
|
53
53
|
included_privilege_set = [included_privilege_set] unless included_privilege_set.is_a?(Enumerable)
|
|
54
54
|
included_privilege_set.each do |base_set|
|
|
55
55
|
# Check for existence of PrivilegeSet
|
|
56
|
-
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless PrivilegeSet.sets.include?(base_set)
|
|
56
|
+
raise ArgumentError, "CBAC: PrivilegeSet does not exist: #{base_set}" unless Cbac::PrivilegeSet.sets.include?(base_set)
|
|
57
57
|
# Adds the references
|
|
58
58
|
(@includes[base_set.to_sym] ||= Array.new) << child_set
|
|
59
59
|
# Copies existing resources
|
|
@@ -65,7 +65,6 @@ class Privilege
|
|
|
65
65
|
end
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
|
-
|
|
69
68
|
|
|
70
69
|
def model_attribute
|
|
71
70
|
|
|
@@ -81,14 +80,14 @@ class Privilege
|
|
|
81
80
|
# Usage:
|
|
82
81
|
# Privilege.select "my_controller/action", :get
|
|
83
82
|
#
|
|
84
|
-
# Returns an array of PrivilegeSet objects
|
|
83
|
+
# Returns an array of Cbac::PrivilegeSet objects
|
|
85
84
|
#
|
|
86
85
|
# If incorrect values are given for action_type the method will raise an
|
|
87
86
|
# ArgumentError. If the controller and action name are not found, an
|
|
88
87
|
# exception is being raised.
|
|
89
88
|
def select(controller_method, action_type)
|
|
90
89
|
action_type = action_type.to_s
|
|
91
|
-
post_methods = ["post", "put", "delete"]
|
|
90
|
+
post_methods = ["post", "put", "delete", "patch"]
|
|
92
91
|
if action_type == "get"
|
|
93
92
|
privilege_sets = Privilege.get_resources[controller_method]
|
|
94
93
|
else if post_methods.include?(action_type)
|
data/lib/cbac/setup.rb
CHANGED
|
@@ -9,17 +9,16 @@ module Cbac
|
|
|
9
9
|
# Check to see if the tables are correctly migrated. If the tables are not
|
|
10
10
|
# migrated, CBAC should terminate immediately.
|
|
11
11
|
def check_tables
|
|
12
|
-
# It is possible that there is no database connection yet. In that case, the table_exist call will fail
|
|
13
12
|
begin
|
|
14
|
-
|
|
13
|
+
classes = [ Cbac::PrivilegeSetRecord, Cbac::GenericRole, Cbac::Membership, Cbac::Permission ]
|
|
14
|
+
return classes.all? do |c|
|
|
15
|
+
c.table_exists?
|
|
16
|
+
end
|
|
15
17
|
rescue ActiveRecord::ConnectionNotEstablished
|
|
18
|
+
# There is no database connection yet.
|
|
16
19
|
puts "CBAC: Connection to database not established when initializing Cbac. Cbac is *not* running."
|
|
17
20
|
return false
|
|
18
21
|
end
|
|
19
|
-
return false unless Cbac::GenericRole.table_exists?
|
|
20
|
-
return false unless Cbac::Membership.table_exists?
|
|
21
|
-
return false unless Cbac::Permission.table_exists?
|
|
22
|
-
true
|
|
23
22
|
end
|
|
24
23
|
|
|
25
24
|
# Checks if the system is properly setup. This method is used by the
|
|
@@ -27,12 +26,13 @@ module Cbac
|
|
|
27
26
|
# is not properly setup, the bootstrapper will crash. Checks are performed
|
|
28
27
|
# to see if all the tables exists.
|
|
29
28
|
def check
|
|
30
|
-
|
|
29
|
+
unless check_tables
|
|
31
30
|
puts "CBAC: not properly initialized: one or more tables are missing. Did you install it correctly? (run generate)"
|
|
32
31
|
return false
|
|
33
32
|
end
|
|
34
|
-
|
|
33
|
+
|
|
34
|
+
return true
|
|
35
35
|
end
|
|
36
36
|
end
|
|
37
37
|
end
|
|
38
|
-
end
|
|
38
|
+
end
|
data/lib/cbac/version.rb
ADDED
|
@@ -52,14 +52,8 @@ class CbacGenerator < Rails::Generators::Base
|
|
|
52
52
|
copy_file "stylesheets/cbac.css", "public/stylesheets/cbac.css"
|
|
53
53
|
|
|
54
54
|
# migrations
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
# This is an upgrade from a previous version of CBAC
|
|
58
|
-
migration_template "migrate/create_cbac_upgrade_path.rb", "db/migrate/create_cbac_upgrade_path" unless self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac_upgrade_path")
|
|
59
|
-
else
|
|
60
|
-
# This is the first install of CBAC into the current project
|
|
61
|
-
migration_template "migrate/create_cbac_from_scratch.rb", "db/migrate/create_cbac_from_scratch" unless self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac_from_scratch")
|
|
62
|
-
end
|
|
55
|
+
migration_template "migrate/create_cbac_from_scratch.rb", "db/migrate/create_cbac_from_scratch" unless self.class.migration_exists?("#{::Rails.root.to_s}/db/migrate", "create_cbac_from_scratch")
|
|
56
|
+
|
|
63
57
|
# default fixtures
|
|
64
58
|
copy_file "fixtures/cbac_permissions.yml", "test/fixtures/cbac_permissions.yml"
|
|
65
59
|
copy_file "fixtures/cbac_generic_roles.yml", "test/fixtures/cbac_generic_roles.yml"
|
|
@@ -1,49 +1,72 @@
|
|
|
1
1
|
class CreateCbacFromScratch < ActiveRecord::Migration
|
|
2
2
|
def self.up
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
3
|
+
unless Cbac::Permission.table_exists?
|
|
4
|
+
create_table :cbac_permissions do |t|
|
|
5
|
+
t.integer :generic_role_id, :default => 0
|
|
6
|
+
t.string :context_role
|
|
7
|
+
t.integer :privilege_set_id
|
|
8
|
+
t.timestamps
|
|
9
|
+
end
|
|
8
10
|
end
|
|
9
11
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
12
|
+
unless Cbac::GenericRole.table_exists?
|
|
13
|
+
create_table :cbac_generic_roles do |t|
|
|
14
|
+
t.string :name
|
|
15
|
+
t.text :remarks
|
|
16
|
+
t.timestamps
|
|
17
|
+
end
|
|
14
18
|
end
|
|
15
19
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
+
unless Cbac::Membership.table_exists?
|
|
21
|
+
create_table :cbac_memberships do |t|
|
|
22
|
+
t.integer :user_id
|
|
23
|
+
t.integer :generic_role_id
|
|
24
|
+
t.timestamps
|
|
25
|
+
end
|
|
20
26
|
end
|
|
21
27
|
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
28
|
+
unless Cbac::PrivilegeSetRecord.table_exists?
|
|
29
|
+
create_table :cbac_privilege_set do |t|
|
|
30
|
+
t.string :name
|
|
31
|
+
t.string :comment
|
|
32
|
+
t.timestamps
|
|
33
|
+
end
|
|
26
34
|
end
|
|
27
35
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
t.timestamps
|
|
36
|
+
unless Cbac::CbacPristine::PristineFile.table_exists?
|
|
37
|
+
create_table :cbac_pristine_files do |t|
|
|
38
|
+
t.string :type
|
|
39
|
+
t.string :file_name
|
|
40
|
+
t.timestamps
|
|
41
|
+
end
|
|
35
42
|
end
|
|
36
43
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
44
|
+
unless Cbac::CbacPristine::PristinePermission.table_exists?
|
|
45
|
+
create_table :cbac_staged_permissions do |t|
|
|
46
|
+
t.integer :pristine_role_id
|
|
47
|
+
t.integer :pristine_file_id
|
|
48
|
+
t.string :privilege_set_name
|
|
49
|
+
t.integer :line_number
|
|
50
|
+
t.string :comment
|
|
51
|
+
t.text :operation, :limit => 2
|
|
52
|
+
t.timestamps
|
|
53
|
+
end
|
|
42
54
|
end
|
|
43
55
|
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
56
|
+
unless Cbac::CbacPristine::PristineRole.table_exists?
|
|
57
|
+
create_table :cbac_staged_roles do |t|
|
|
58
|
+
t.string :role_type
|
|
59
|
+
t.string :name
|
|
60
|
+
t.integer :role_id
|
|
61
|
+
t.timestamps
|
|
62
|
+
end
|
|
63
|
+
end
|
|
64
|
+
|
|
65
|
+
unless Cbac::KnownPermission.table_exists?
|
|
66
|
+
create_table :cbac_known_permissions do |t|
|
|
67
|
+
t.integer :permission_number, :null => :no
|
|
68
|
+
t.integer :permission_type, :default => 0
|
|
69
|
+
end
|
|
47
70
|
end
|
|
48
71
|
end
|
|
49
72
|
|