credentials 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/History.txt +10 -0
- data/LICENSE +20 -0
- data/Manifest.txt +107 -0
- data/README.rdoc +116 -0
- data/Rakefile +20 -0
- data/generators/credentials/USAGE +8 -0
- data/generators/credentials/credentials_generator.rb +8 -0
- data/init.rb +1 -0
- data/install.rb +1 -0
- data/lib/credentials/actor.rb +57 -0
- data/lib/credentials/class_methods.rb +25 -0
- data/lib/credentials/inflector.rb +133 -0
- data/lib/credentials/rulebook.rb +27 -0
- data/lib/credentials/rules/can.rb +6 -0
- data/lib/credentials/rules/cannot.rb +20 -0
- data/lib/credentials/rules/rule.rb +46 -0
- data/lib/credentials.rb +9 -0
- data/uninstall.rb +1 -0
- metadata +73 -0
data/History.txt
ADDED
@@ -0,0 +1,10 @@
|
|
1
|
+
=== 1.0.1 / 2009-04-23
|
2
|
+
|
3
|
+
* Now sort of framework-agnostic. I say "sort of", because what I've actually
|
4
|
+
done is just copy and paste the chunks I needed out of ActiveSupport. I guess
|
5
|
+
the goal would be to rewrite around these, but since I basically never need
|
6
|
+
this for anything except Rails, it seems like overkill.
|
7
|
+
|
8
|
+
=== 1.0.0 / 2009-04-23
|
9
|
+
|
10
|
+
* Gemification and README
|
data/LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2008 Matt Powell
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Manifest.txt
ADDED
@@ -0,0 +1,107 @@
|
|
1
|
+
credentials.gemspec
|
2
|
+
generators/credentials/credentials_generator.rb
|
3
|
+
generators/credentials/USAGE
|
4
|
+
History.txt
|
5
|
+
init.rb
|
6
|
+
install.rb
|
7
|
+
lib/credentials/actor.rb
|
8
|
+
lib/credentials/class_methods.rb
|
9
|
+
lib/credentials/inflector.rb
|
10
|
+
lib/credentials/rulebook.rb
|
11
|
+
lib/credentials/rules/can.rb
|
12
|
+
lib/credentials/rules/cannot.rb
|
13
|
+
lib/credentials/rules/rule.rb
|
14
|
+
lib/credentials.rb
|
15
|
+
LICENSE
|
16
|
+
Manifest.txt
|
17
|
+
Rakefile
|
18
|
+
README.rdoc
|
19
|
+
uninstall.rb
|
20
|
+
tt@Yavin:credentials[master]$ find . -type f | grep -v ".git"./credentials.gemspec
|
21
|
+
generators/credentials/credentials_generator.rb
|
22
|
+
generators/credentials/USAGE
|
23
|
+
History.txt
|
24
|
+
init.rb
|
25
|
+
install.rb
|
26
|
+
lib/credentials/actor.rb
|
27
|
+
lib/credentials/class_methods.rb
|
28
|
+
lib/credentials/inflector.rb
|
29
|
+
lib/credentials/rulebook.rb
|
30
|
+
lib/credentials/rules/can.rb
|
31
|
+
lib/credentials/rules/cannot.rb
|
32
|
+
lib/credentials/rules/rule.rb
|
33
|
+
lib/credentials.rb
|
34
|
+
LICENSE
|
35
|
+
Manifest.txt
|
36
|
+
Rakefile
|
37
|
+
README.rdoc
|
38
|
+
spec/credentials_spec.rb
|
39
|
+
spec/debug.log
|
40
|
+
spec/inflector_spec.rb
|
41
|
+
spec/spec_helper.rb
|
42
|
+
spec/test_app/app/controllers/application.rb
|
43
|
+
spec/test_app/app/models/group.rb
|
44
|
+
spec/test_app/app/models/headmaster.rb
|
45
|
+
spec/test_app/app/models/house.rb
|
46
|
+
spec/test_app/app/models/school.rb
|
47
|
+
spec/test_app/app/models/student.rb
|
48
|
+
spec/test_app/app/models/teacher.rb
|
49
|
+
spec/test_app/app/models/user.rb
|
50
|
+
spec/test_app/config/boot.rb
|
51
|
+
spec/test_app/config/database.yml
|
52
|
+
spec/test_app/config/environment.rb
|
53
|
+
spec/test_app/config/environments/development.rb
|
54
|
+
spec/test_app/config/environments/production.rb
|
55
|
+
spec/test_app/config/environments/test.rb
|
56
|
+
spec/test_app/config/initializers/inflections.rb
|
57
|
+
spec/test_app/config/initializers/mime_types.rb
|
58
|
+
spec/test_app/config/initializers/new_rails_defaults.rb
|
59
|
+
spec/test_app/config/locales/en.yml
|
60
|
+
spec/test_app/config/routes.rb
|
61
|
+
spec/test_app/db/development.sqlite3
|
62
|
+
spec/test_app/db/migrate/20081128211345_create_users.rb
|
63
|
+
spec/test_app/db/migrate/20081128213041_create_groups.rb
|
64
|
+
spec/test_app/db/migrate/20081129031929_create_students.rb
|
65
|
+
spec/test_app/db/migrate/20081129101832_create_schools.rb
|
66
|
+
spec/test_app/db/migrate/20081129105013_create_houses.rb
|
67
|
+
spec/test_app/db/schema.rb
|
68
|
+
spec/test_app/db/test.sqlite3
|
69
|
+
spec/test_app/lib/tasks/rspec.rake
|
70
|
+
spec/test_app/log/test.log
|
71
|
+
spec/test_app/Rakefile
|
72
|
+
spec/test_app/README
|
73
|
+
spec/test_app/script/about
|
74
|
+
spec/test_app/script/autospec
|
75
|
+
spec/test_app/script/console
|
76
|
+
spec/test_app/script/dbconsole
|
77
|
+
spec/test_app/script/destroy
|
78
|
+
spec/test_app/script/generate
|
79
|
+
spec/test_app/script/performance/benchmarker
|
80
|
+
spec/test_app/script/performance/profiler
|
81
|
+
spec/test_app/script/performance/request
|
82
|
+
spec/test_app/script/plugin
|
83
|
+
spec/test_app/script/process/inspector
|
84
|
+
spec/test_app/script/process/reaper
|
85
|
+
spec/test_app/script/process/spawner
|
86
|
+
spec/test_app/script/runner
|
87
|
+
spec/test_app/script/server
|
88
|
+
spec/test_app/script/spec
|
89
|
+
spec/test_app/script/spec_server
|
90
|
+
spec/test_app/spec/fixtures/groups.yml
|
91
|
+
spec/test_app/spec/fixtures/houses.yml
|
92
|
+
spec/test_app/spec/fixtures/schools.yml
|
93
|
+
spec/test_app/spec/fixtures/users.yml
|
94
|
+
spec/test_app/spec/models/group_spec.rb
|
95
|
+
spec/test_app/spec/models/headmaster_spec.rb
|
96
|
+
spec/test_app/spec/models/house_spec.rb
|
97
|
+
spec/test_app/spec/models/school_spec.rb
|
98
|
+
spec/test_app/spec/models/student_spec.rb
|
99
|
+
spec/test_app/spec/models/teacher_spec.rb
|
100
|
+
spec/test_app/spec/models/user_spec.rb
|
101
|
+
spec/test_app/spec/rcov.opts
|
102
|
+
spec/test_app/spec/spec.opts
|
103
|
+
spec/test_app/spec/spec_helper.rb
|
104
|
+
spec/test_app/stories/all.rb
|
105
|
+
spec/test_app/stories/helper.rb
|
106
|
+
spec/test_app/vendor/plugins/credentials/init.rb
|
107
|
+
uninstall.rb
|
data/README.rdoc
ADDED
@@ -0,0 +1,116 @@
|
|
1
|
+
= Credentials
|
2
|
+
|
3
|
+
* http://github.com/fauxparse/credentials
|
4
|
+
|
5
|
+
== Description
|
6
|
+
|
7
|
+
A generic actor/resource permission framework.
|
8
|
+
|
9
|
+
== Installation
|
10
|
+
|
11
|
+
* <tt>sudo gem install fauxparse-credentials --source=http://gems.github.com</tt>
|
12
|
+
|
13
|
+
== Examples
|
14
|
+
|
15
|
+
class User
|
16
|
+
credentials do |user|
|
17
|
+
# Users should only be able to edit their own details...
|
18
|
+
user.can :edit, User, :if => lambda { |a, b| if a == b }
|
19
|
+
|
20
|
+
# ...unless they are administrators!
|
21
|
+
user.can :edit, User, :if => :admin?
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
a = User.new
|
26
|
+
b = User.new :admin => true
|
27
|
+
a.can_edit?(a) #=> true
|
28
|
+
a.can_edit?(b) #=> false
|
29
|
+
b.can_edit?(b) #=> true
|
30
|
+
b.can_edit?(a) #=> true
|
31
|
+
|
32
|
+
Check out the example application (in +spec/test_app+) for more (completely
|
33
|
+
frivolous) examples.
|
34
|
+
|
35
|
+
== Philosophy
|
36
|
+
|
37
|
+
Credentials is NOT a role-based permission system. Permissions are based
|
38
|
+
on code, not on database objects. That said, there's nothing to stop you
|
39
|
+
from doing something like this:
|
40
|
+
|
41
|
+
class User
|
42
|
+
has_and_belongs_to_many :roles
|
43
|
+
|
44
|
+
credentials do |user|
|
45
|
+
user.can :access, :admin_pages, :if => :admin?
|
46
|
+
end
|
47
|
+
|
48
|
+
def admin?
|
49
|
+
!roles.find_by_name("admin").nil?
|
50
|
+
end
|
51
|
+
end
|
52
|
+
|
53
|
+
I just figured there were dozens of systems out there for implementing
|
54
|
+
role-based permissions, and everyone likes to do it differently, so I
|
55
|
+
wouldn't reinvent the wheel. Instead, I wanted to focus on capturing
|
56
|
+
the logic behind permissions, and avoid having to grant individual
|
57
|
+
permissions for things that should be implemented algorithmically.
|
58
|
+
|
59
|
+
For example, say you want to allow users to edit user profiles under
|
60
|
+
the following rules:
|
61
|
+
|
62
|
+
* Users can edit their own profile
|
63
|
+
* Admin users can edit any profile
|
64
|
+
* Selected users can edit selected other individual profiles
|
65
|
+
|
66
|
+
Ordinarily, that's three separate checks: sure, I can bundle these up
|
67
|
+
into a method on my User object, but the controller still needs to call
|
68
|
+
that method and take appropriate action if it's not satisfied.
|
69
|
+
|
70
|
+
With Credentials, I can write one method in my ApplicationController,
|
71
|
+
and then do this:
|
72
|
+
|
73
|
+
class UsersController
|
74
|
+
def update
|
75
|
+
@user = User.find params[:id]
|
76
|
+
requires_permission_to :edit, @user
|
77
|
+
@user.update_attributes params[:user]
|
78
|
+
# ...
|
79
|
+
end
|
80
|
+
end
|
81
|
+
|
82
|
+
The +requires_permission_to+ method would call <tt>current_user.can?(:edit, @user)</tt>,
|
83
|
+
and, if appropriate, raise an exception which would get handled by Rails
|
84
|
+
and turned into a nice pretty error page.
|
85
|
+
|
86
|
+
== To do
|
87
|
+
|
88
|
+
* The test application is largely overkill. It does a half-decent job
|
89
|
+
of testing the functionality of the library, but I'd like to rewrite
|
90
|
+
it into a proper test suite.
|
91
|
+
* Proper documentation of the API. It's been a while since I touched this.
|
92
|
+
* Better support for groups would make integration with RBA systems easier.
|
93
|
+
* Deny permissions (+cannot+).
|
94
|
+
|
95
|
+
== License
|
96
|
+
|
97
|
+
Copyright (c) 2009 Matt Powell (fauxparse@gmail.com)
|
98
|
+
|
99
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
100
|
+
a copy of this software and associated documentation files (the
|
101
|
+
'Software'), to deal in the Software without restriction, including
|
102
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
103
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
104
|
+
permit persons to whom the Software is furnished to do so, subject to
|
105
|
+
the following conditions:
|
106
|
+
|
107
|
+
The above copyright notice and this permission notice shall be
|
108
|
+
included in all copies or substantial portions of the Software.
|
109
|
+
|
110
|
+
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
|
111
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
112
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
|
113
|
+
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
|
114
|
+
CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
|
115
|
+
TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
|
116
|
+
SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/Rakefile
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
require 'rake'
|
2
|
+
require 'spec/rake/spectask'
|
3
|
+
require 'rcov/rcovtask'
|
4
|
+
|
5
|
+
desc 'Default: run specs.'
|
6
|
+
task :default => :spec
|
7
|
+
|
8
|
+
desc 'Run the specs'
|
9
|
+
Spec::Rake::SpecTask.new(:spec) do |t|
|
10
|
+
t.spec_opts = ['--colour --format progress --loadby mtime --reverse']
|
11
|
+
t.spec_files = FileList['spec/**/*_spec.rb']
|
12
|
+
end
|
13
|
+
|
14
|
+
desc 'Output test coverage of plugin.'
|
15
|
+
Rcov::RcovTask.new(:rcov) do |rcov|
|
16
|
+
rcov.pattern = 'spec/**/*_spec.rb'
|
17
|
+
rcov.output_dir = 'rcov'
|
18
|
+
rcov.verbose = true
|
19
|
+
rcov.rcov_opts << '--exclude "test_app/config/*"'
|
20
|
+
end
|
data/init.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require "credentials"
|
data/install.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# Install hook code here
|
@@ -0,0 +1,57 @@
|
|
1
|
+
module Credentials
|
2
|
+
module Actor
|
3
|
+
def self.included(base) #:nodoc:
|
4
|
+
base.send :extend, ClassMethods
|
5
|
+
end
|
6
|
+
|
7
|
+
# Returns true if the receiver has permission to perform the action ‘<tt>verb</tt>’ with the given <tt>args</tt>.
|
8
|
+
def can?(verb, *args)
|
9
|
+
self.class.can?(self, verb, *args)
|
10
|
+
end
|
11
|
+
alias_method :able_to?, :can?
|
12
|
+
|
13
|
+
module ClassMethods
|
14
|
+
# Returns true if the given <tt>actor</tt> has permission to perform the action ‘<tt>verb</tt>’ with the given <tt>args</tt>.
|
15
|
+
def can?(actor, verb, *args)
|
16
|
+
rulebook.can?(actor, verb, *args) ||
|
17
|
+
can_by_association?(actor, verb, *args) ||
|
18
|
+
can_by_actor_group?(actor, verb, *args)
|
19
|
+
end
|
20
|
+
|
21
|
+
# Returns true if any magic methods give the requested permission.
|
22
|
+
# For example, <tt>by_association?(user, :edit, post)</tt> would try the following (in order):
|
23
|
+
# * <tt>user.is_editor_of?(post)</tt>
|
24
|
+
# * <tt>user.is_editor_for?(post)</tt>
|
25
|
+
# * <tt>user.is_editor_on?(post)</tt>
|
26
|
+
# * <tt>user.is_editor_at?(post)</tt>
|
27
|
+
# * <tt>user.is_editor_in?(post)</tt>
|
28
|
+
# * <tt>post.editor == user</tt>
|
29
|
+
# * <tt>post.editors.include?(user)</tt>
|
30
|
+
def can_by_association?(actor, verb, *args)
|
31
|
+
return false unless args.size == 1
|
32
|
+
noun = verb.to_s.actorize
|
33
|
+
object = args.first
|
34
|
+
%w(of for on at in).each do |prep|
|
35
|
+
return true if actor.respond_to?(method = "is_#{noun}_#{prep}?".to_sym) and actor.send(method, object)
|
36
|
+
end
|
37
|
+
return true if object.respond_to?(method = noun.to_sym) and object.send(method) == actor
|
38
|
+
return true if object.respond_to?(method = noun.pluralize.to_sym) and object.send(method).include?(actor)
|
39
|
+
false
|
40
|
+
end
|
41
|
+
|
42
|
+
# Returns true if the actor belongs to any groups that have the requested permission.
|
43
|
+
def can_by_actor_group?(actor, verb, *args)
|
44
|
+
groups_for(actor).any? { |group| group.respond_to?(:can?) && group.can?(verb, *args) }
|
45
|
+
end
|
46
|
+
|
47
|
+
# Returns a list of the groups the user belongs to, according to the <tt>:groups</tt> option to <tt>has_credentials</tt>.
|
48
|
+
def groups_for(actor)
|
49
|
+
case true
|
50
|
+
when !credential_options[:groups].blank? then Array(credential_options[:groups]).map(&:to_sym).collect { |g| actor.send(g) }.flatten.uniq
|
51
|
+
when actor.respond_to?(:groups) then actor.groups.flatten.uniq
|
52
|
+
else []
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module Credentials
|
2
|
+
module ClassMethods
|
3
|
+
# Defines the set of credentials common to members of a class.
|
4
|
+
def credentials(options = {}, &block)
|
5
|
+
unless included_modules.include? Actor
|
6
|
+
class_inheritable_reader :rulebook
|
7
|
+
class_inheritable_reader :credential_options
|
8
|
+
include Actor
|
9
|
+
end
|
10
|
+
write_inheritable_attribute :credential_options, merge_credential_options(read_inheritable_attribute(:credential_options), options)
|
11
|
+
old_rulebook = read_inheritable_attribute(:rulebook)
|
12
|
+
write_inheritable_attribute :rulebook, Rulebook.new(self, old_rulebook ? old_rulebook.rules : [])
|
13
|
+
yield rulebook if block_given?
|
14
|
+
end
|
15
|
+
|
16
|
+
protected
|
17
|
+
# Merges the set of options inherited from a parent class (if any)
|
18
|
+
def merge_credential_options(a, b)
|
19
|
+
a ||= {}
|
20
|
+
b ||= {}
|
21
|
+
a[:groups] = (Array(a[:groups]) + Array(b.delete(:groups))).uniq if b[:groups]
|
22
|
+
a.merge(b)
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,133 @@
|
|
1
|
+
require "singleton"
|
2
|
+
|
3
|
+
module Credentials
|
4
|
+
module Inflector
|
5
|
+
extend self
|
6
|
+
|
7
|
+
class Inflections
|
8
|
+
include Singleton
|
9
|
+
|
10
|
+
attr_reader :actors
|
11
|
+
|
12
|
+
def actors
|
13
|
+
@actors ||= []
|
14
|
+
end
|
15
|
+
|
16
|
+
def actor(rule, replacement)
|
17
|
+
actors.insert 0, [ rule, replacement ]
|
18
|
+
end
|
19
|
+
|
20
|
+
unless defined?(ActiveSupport)
|
21
|
+
attr_reader :plurals, :singulars, :uncountables
|
22
|
+
|
23
|
+
def initialize
|
24
|
+
@plurals, @singulars, @uncountables = [], [], []
|
25
|
+
end
|
26
|
+
|
27
|
+
def plurals
|
28
|
+
@plurals ||= []
|
29
|
+
end
|
30
|
+
|
31
|
+
def plural(rule, replacement)
|
32
|
+
plurals.insert 0, [ rule, replacement ]
|
33
|
+
end
|
34
|
+
def plural(rule, replacement)
|
35
|
+
@uncountables.delete(rule) if rule.is_a?(String)
|
36
|
+
@uncountables.delete(replacement)
|
37
|
+
@plurals.insert(0, [rule, replacement])
|
38
|
+
end
|
39
|
+
|
40
|
+
def singular(rule, replacement)
|
41
|
+
@uncountables.delete(rule) if rule.is_a?(String)
|
42
|
+
@uncountables.delete(replacement)
|
43
|
+
@singulars.insert(0, [rule, replacement])
|
44
|
+
end
|
45
|
+
|
46
|
+
def irregular(singular, plural)
|
47
|
+
@uncountables.delete(singular)
|
48
|
+
@uncountables.delete(plural)
|
49
|
+
if singular[0,1].upcase == plural[0,1].upcase
|
50
|
+
plural(Regexp.new("(#{singular[0,1]})#{singular[1..-1]}$", "i"), '\1' + plural[1..-1])
|
51
|
+
singular(Regexp.new("(#{plural[0,1]})#{plural[1..-1]}$", "i"), '\1' + singular[1..-1])
|
52
|
+
else
|
53
|
+
plural(Regexp.new("#{singular[0,1].upcase}(?i)#{singular[1..-1]}$"), plural[0,1].upcase + plural[1..-1])
|
54
|
+
plural(Regexp.new("#{singular[0,1].downcase}(?i)#{singular[1..-1]}$"), plural[0,1].downcase + plural[1..-1])
|
55
|
+
singular(Regexp.new("#{plural[0,1].upcase}(?i)#{plural[1..-1]}$"), singular[0,1].upcase + singular[1..-1])
|
56
|
+
singular(Regexp.new("#{plural[0,1].downcase}(?i)#{plural[1..-1]}$"), singular[0,1].downcase + singular[1..-1])
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
def uncountable(*words)
|
61
|
+
(@uncountables << words).flatten!
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def inflections
|
67
|
+
if block_given?
|
68
|
+
yield Inflections.instance
|
69
|
+
else
|
70
|
+
Inflections.instance
|
71
|
+
end
|
72
|
+
end
|
73
|
+
|
74
|
+
def actorize(word)
|
75
|
+
result = word.to_s.dup
|
76
|
+
inflections.actors.each { |(rule, replacement)| break if result.gsub!(rule, replacement) } unless result.empty?
|
77
|
+
result
|
78
|
+
end
|
79
|
+
|
80
|
+
unless defined?(ActiveSupport)
|
81
|
+
def pluralize(word)
|
82
|
+
result = word.to_s.dup
|
83
|
+
|
84
|
+
if word.empty? || inflections.uncountables.include?(result.downcase)
|
85
|
+
result
|
86
|
+
else
|
87
|
+
inflections.plurals.each { |(rule, replacement)| break if result.gsub!(rule, replacement) }
|
88
|
+
result
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
def singularize(word)
|
93
|
+
result = word.to_s.dup
|
94
|
+
|
95
|
+
if inflections.uncountables.include?(result.downcase)
|
96
|
+
result
|
97
|
+
else
|
98
|
+
inflections.singulars.each { |(rule, replacement)| break if result.gsub!(rule, replacement) }
|
99
|
+
result
|
100
|
+
end
|
101
|
+
end
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
module StringExtensions
|
106
|
+
def actorize
|
107
|
+
Credentials::Inflector.actorize(self)
|
108
|
+
end
|
109
|
+
|
110
|
+
unless defined?(ActiveSupport)
|
111
|
+
def pluralize
|
112
|
+
Credentials::Inflector.pluralize(self)
|
113
|
+
end
|
114
|
+
|
115
|
+
def singularize
|
116
|
+
Credentials::Inflector.singularize(self)
|
117
|
+
end
|
118
|
+
end
|
119
|
+
end
|
120
|
+
end
|
121
|
+
|
122
|
+
String.send :include, Credentials::StringExtensions
|
123
|
+
|
124
|
+
Credentials::Inflector.inflections do |inflect|
|
125
|
+
inflect.actor(/$/, 'er')
|
126
|
+
inflect.actor(/e$/, 'er')
|
127
|
+
inflect.actor(/ate$/, 'ator')
|
128
|
+
inflect.actor(/([^aeiou])([aeiou])([^aeioux])$/, '\1\2\3\3er')
|
129
|
+
inflect.actor(/ct$/, 'ctor')
|
130
|
+
inflect.actor(/^(improvi[sz])e$/, '\1or')
|
131
|
+
inflect.actor(/^(authori)[sz]e$/, '\1ty')
|
132
|
+
inflect.actor(/^administer$/, 'administrator')
|
133
|
+
end
|
@@ -0,0 +1,27 @@
|
|
1
|
+
module Credentials
|
2
|
+
class Rulebook
|
3
|
+
attr_reader :rules
|
4
|
+
|
5
|
+
def initialize(klass, rules = [])
|
6
|
+
@rules = rules
|
7
|
+
@klass = klass
|
8
|
+
end
|
9
|
+
|
10
|
+
def can(verb, *args)
|
11
|
+
@rules << Credentials::Rules::Can.new(@klass, verb, *args)
|
12
|
+
end
|
13
|
+
|
14
|
+
def cannot(verb, *args)
|
15
|
+
@rules << Credentials::Rules::Cannot.new(@klass, verb, *args)
|
16
|
+
end
|
17
|
+
|
18
|
+
def can?(actor, verb, *args)
|
19
|
+
result = @klass.credential_options[:allow_by_default] || false
|
20
|
+
@rules.each do |rule|
|
21
|
+
result = true if rule.allow?(actor, verb, *args)
|
22
|
+
result = false if rule.deny?(actor, verb, *args)
|
23
|
+
end
|
24
|
+
result
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,20 @@
|
|
1
|
+
module Credentials
|
2
|
+
module Rules
|
3
|
+
class Cannot < Can
|
4
|
+
def allow?(actor, verb, *args)
|
5
|
+
return false unless match? actor, verb, *args
|
6
|
+
result = false
|
7
|
+
result ||= evaluate(@options[:unless], actor, *args) if @options[:unless]
|
8
|
+
result
|
9
|
+
end
|
10
|
+
|
11
|
+
def deny?(actor, verb, *args)
|
12
|
+
return false unless match? actor, verb, *args
|
13
|
+
result = true
|
14
|
+
result &&= evaluate(@options[:if], actor, *args) if @options[:if]
|
15
|
+
result &&= !evaluate(@options[:unless], actor, *args) if @options[:unless]
|
16
|
+
result
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|
20
|
+
end
|
@@ -0,0 +1,46 @@
|
|
1
|
+
module Credentials
|
2
|
+
module Rules
|
3
|
+
class Rule
|
4
|
+
attr_accessor :verb
|
5
|
+
attr_accessor :options
|
6
|
+
|
7
|
+
def initialize(klass, verb, *args)
|
8
|
+
@klass = klass
|
9
|
+
@verb = verb.to_sym
|
10
|
+
@options = args.last.is_a?(Hash) ? args.pop : {}
|
11
|
+
@pattern = Array(args)
|
12
|
+
end
|
13
|
+
|
14
|
+
def match?(actor, verb, *args)
|
15
|
+
return false unless actor == @klass or actor.is_a?(@klass)
|
16
|
+
return false unless @verb == :any or @verb == verb.to_sym
|
17
|
+
return false unless args.size == @pattern.size
|
18
|
+
@pattern.zip(args).each { |pattern, arg| return false unless !pattern.is_a?(Class) or arg == pattern or arg.is_a?(pattern) }
|
19
|
+
end
|
20
|
+
|
21
|
+
def allow?(actor, verb, *args)
|
22
|
+
return false unless match? actor, verb, *args
|
23
|
+
result = true
|
24
|
+
result &&= evaluate(@options[:if], actor, *args) if @options[:if]
|
25
|
+
result &&= !evaluate(@options[:unless], actor, *args) if @options[:unless]
|
26
|
+
result
|
27
|
+
end
|
28
|
+
|
29
|
+
def deny?(actor, verb, *args)
|
30
|
+
return false unless match? actor, verb, *args
|
31
|
+
result = false
|
32
|
+
result ||= evaluate(@options[:unless], actor, *args) if @options[:unless]
|
33
|
+
result
|
34
|
+
end
|
35
|
+
|
36
|
+
protected
|
37
|
+
def evaluate(fn, actor, *args)
|
38
|
+
case fn
|
39
|
+
when Proc then fn.call(actor, *args)
|
40
|
+
when Symbol, String then actor.send(fn.to_sym, *args)
|
41
|
+
else raise ArgumentError, "expected a proc or a symbol"
|
42
|
+
end
|
43
|
+
end
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
data/lib/credentials.rb
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
require "credentials/actor"
|
2
|
+
require "credentials/rulebook"
|
3
|
+
require "credentials/class_methods"
|
4
|
+
require "credentials/inflector"
|
5
|
+
require "credentials/rules/rule"
|
6
|
+
Dir.glob(File.dirname(__FILE__) + "/credentials/rules/*.rb").each { |f| require f }
|
7
|
+
Dir.glob(File.dirname(__FILE__) + "/credentials/support/*.rb").each { |f| require f } unless defined?(ActiveSupport)
|
8
|
+
|
9
|
+
Object.send :extend, Credentials::ClassMethods
|
data/uninstall.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
# Uninstall hook code here
|
metadata
ADDED
@@ -0,0 +1,73 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: credentials
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 1.0.1
|
5
|
+
platform: ruby
|
6
|
+
authors:
|
7
|
+
- Matt Powell
|
8
|
+
autorequire:
|
9
|
+
bindir: bin
|
10
|
+
cert_chain: []
|
11
|
+
|
12
|
+
date: 2009-04-23 00:00:00 +12:00
|
13
|
+
default_executable:
|
14
|
+
dependencies: []
|
15
|
+
|
16
|
+
description: Credentials is a generic actor/resource permission framework based on rules, not objects.
|
17
|
+
email: fauxparse@gmail.com
|
18
|
+
executables: []
|
19
|
+
|
20
|
+
extensions: []
|
21
|
+
|
22
|
+
extra_rdoc_files: []
|
23
|
+
|
24
|
+
files:
|
25
|
+
- generators/credentials/credentials_generator.rb
|
26
|
+
- generators/credentials/USAGE
|
27
|
+
- History.txt
|
28
|
+
- init.rb
|
29
|
+
- install.rb
|
30
|
+
- lib/credentials/actor.rb
|
31
|
+
- lib/credentials/class_methods.rb
|
32
|
+
- lib/credentials/inflector.rb
|
33
|
+
- lib/credentials/rulebook.rb
|
34
|
+
- lib/credentials/rules/can.rb
|
35
|
+
- lib/credentials/rules/cannot.rb
|
36
|
+
- lib/credentials/rules/rule.rb
|
37
|
+
- lib/credentials.rb
|
38
|
+
- LICENSE
|
39
|
+
- Manifest.txt
|
40
|
+
- Rakefile
|
41
|
+
- README.rdoc
|
42
|
+
- uninstall.rb
|
43
|
+
has_rdoc: true
|
44
|
+
homepage: http://github.com/fauxparse/credentials
|
45
|
+
licenses: []
|
46
|
+
|
47
|
+
post_install_message:
|
48
|
+
rdoc_options:
|
49
|
+
- --inline-source
|
50
|
+
- --charset=UTF-8
|
51
|
+
require_paths:
|
52
|
+
- lib
|
53
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
54
|
+
requirements:
|
55
|
+
- - ">="
|
56
|
+
- !ruby/object:Gem::Version
|
57
|
+
version: "0"
|
58
|
+
version:
|
59
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
60
|
+
requirements:
|
61
|
+
- - ">="
|
62
|
+
- !ruby/object:Gem::Version
|
63
|
+
version: "0"
|
64
|
+
version:
|
65
|
+
requirements: []
|
66
|
+
|
67
|
+
rubyforge_project: credentials
|
68
|
+
rubygems_version: 1.3.5
|
69
|
+
signing_key:
|
70
|
+
specification_version: 3
|
71
|
+
summary: Credentials is a generic actor/resource permission framework based on rules, not objects.
|
72
|
+
test_files: []
|
73
|
+
|