declarative_authorization-dta 0.1 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/lib/declarative_authorization/in_model.rb +11 -25
- metadata +29 -9
|
@@ -5,6 +5,8 @@ require File.dirname(__FILE__) + '/obligation_scope.rb'
|
|
|
5
5
|
module Authorization
|
|
6
6
|
|
|
7
7
|
module AuthorizationInModel
|
|
8
|
+
ReadAllPrivilege = :read
|
|
9
|
+
WriteAllPrivilege = :write
|
|
8
10
|
|
|
9
11
|
# If the user meets the given privilege, permitted_to? returns true
|
|
10
12
|
# and yields to the optional block.
|
|
@@ -49,7 +51,7 @@ module Authorization
|
|
|
49
51
|
return false unless [:read, :write].include?(mode)
|
|
50
52
|
|
|
51
53
|
# Variables needed to make checks
|
|
52
|
-
access_all_columns_sym = (mode == :read) ?
|
|
54
|
+
access_all_columns_sym = (mode == :read) ? ReadAllPrivilege : WriteAllPrivilege
|
|
53
55
|
whitelist_sym = (mode == :read) ? attribute.to_sym : (attribute + '=').to_sym
|
|
54
56
|
acl_sym = (mode == :read) ? ('read_' + attribute).to_sym : ('write_' + attribute).to_sym
|
|
55
57
|
|
|
@@ -234,11 +236,11 @@ module Authorization
|
|
|
234
236
|
instance_eval <<-EOV
|
|
235
237
|
|
|
236
238
|
def #{method_name}
|
|
237
|
-
permitted_to!(:read_#{method_name}) unless permitted_to?(:#{
|
|
239
|
+
permitted_to!(:read_#{method_name}) unless permitted_to?(:#{ReadAllPrivilege})
|
|
238
240
|
return no_acl_#{method_name}
|
|
239
241
|
end
|
|
240
242
|
def #{method_name}=(value)
|
|
241
|
-
permitted_to!(:write_#{method_name}) unless permitted_to?(:#{
|
|
243
|
+
permitted_to!(:write_#{method_name}) unless permitted_to?(:#{WriteAllPrivilege})
|
|
242
244
|
return no_acl_#{method_name}=(value)
|
|
243
245
|
end
|
|
244
246
|
EOV
|
|
@@ -274,23 +276,7 @@ module Authorization
|
|
|
274
276
|
|
|
275
277
|
# Create helper methods, that can be called from within our code to access
|
|
276
278
|
# variables that are set up during initilization
|
|
277
|
-
|
|
278
|
-
#
|
|
279
|
-
# Determine what privilege to use for read all
|
|
280
|
-
#
|
|
281
|
-
def read_all_privilege
|
|
282
|
-
'#{options[:include_attributes][0][:read_all_privilege].blank? ? 'read' : options[:include_attributes][0][:read_all_privilege]}'
|
|
283
|
-
end
|
|
284
|
-
|
|
285
|
-
#
|
|
286
|
-
# Determine what privilege to use for write all
|
|
287
|
-
#
|
|
288
|
-
def write_all_privilege
|
|
289
|
-
'#{options[:include_attributes][0][:write_all_privilege].blank? ? 'write' : options[:include_attributes][0][:write_all_privilege]}'
|
|
290
|
-
end
|
|
291
|
-
EOV
|
|
292
|
-
|
|
293
|
-
class_eval <<-EOV
|
|
279
|
+
class_eval <<-EOV
|
|
294
280
|
#
|
|
295
281
|
# Method to return the white list
|
|
296
282
|
#
|
|
@@ -312,7 +298,7 @@ module Authorization
|
|
|
312
298
|
class_eval "begin; alias_method :no_acl_#{name}, :#{name};rescue;end #Alias-Methods - put acl stuff into method-chain
|
|
313
299
|
begin; alias_method :no_acl_#{name}=, :#{name}=; rescue; end
|
|
314
300
|
def #{name} #Define getters / setter with ACL-Checks
|
|
315
|
-
permitted_to!(:read_#{name}) if !permitted_to?(:#{
|
|
301
|
+
permitted_to!(:read_#{name}) if !permitted_to?(:#{ReadAllPrivilege});
|
|
316
302
|
if(respond_to? 'no_acl_#{name}')
|
|
317
303
|
return no_acl_#{name}
|
|
318
304
|
else
|
|
@@ -320,7 +306,7 @@ module Authorization
|
|
|
320
306
|
end
|
|
321
307
|
end" unless name.to_s == self.primary_key.to_s || whitelist.include?(name.to_sym) || application_default_attributes.include?(name.to_sym) || !options[:include_read] # Do not do reads, unless told so
|
|
322
308
|
class_eval %{def #{name}=(n)
|
|
323
|
-
permitted_to!(:write_#{name}) if !permitted_to?(:#{
|
|
309
|
+
permitted_to!(:write_#{name}) if !permitted_to?(:#{WriteAllPrivilege});
|
|
324
310
|
if(respond_to? 'no_acl_#{name}=')
|
|
325
311
|
return no_acl_#{name}=(n)
|
|
326
312
|
else
|
|
@@ -379,7 +365,7 @@ module Authorization
|
|
|
379
365
|
# Returns a hash of key, value paris that are readable
|
|
380
366
|
#
|
|
381
367
|
def readable_attributes
|
|
382
|
-
return attributes if permitted_to?(
|
|
368
|
+
return attributes if permitted_to?(ReadAllPrivilege)
|
|
383
369
|
attributes.reject do |k,v|
|
|
384
370
|
!allowed?(:read, k)
|
|
385
371
|
end
|
|
@@ -389,7 +375,7 @@ module Authorization
|
|
|
389
375
|
# Returns a hash of key, value paris that are showable, excluding application_default_attributes
|
|
390
376
|
#
|
|
391
377
|
def showable_attributes
|
|
392
|
-
return attributes if permitted_to?(
|
|
378
|
+
return attributes if permitted_to?(ReadAllPrivilege)
|
|
393
379
|
attributes.reject do |k,v|
|
|
394
380
|
!allowed?(:read, k, true)
|
|
395
381
|
end
|
|
@@ -399,7 +385,7 @@ module Authorization
|
|
|
399
385
|
# Returns a hash of key, value paris that are writable
|
|
400
386
|
#
|
|
401
387
|
def writable_attributes
|
|
402
|
-
return attributes if permitted_to?(
|
|
388
|
+
return attributes if permitted_to?(WriteAllPrivilege)
|
|
403
389
|
attributes.reject do |k,v|
|
|
404
390
|
!allowed?(:write, k)
|
|
405
391
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: declarative_authorization-dta
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
|
|
4
|
+
hash: 25
|
|
5
|
+
prerelease: false
|
|
6
|
+
segments:
|
|
7
|
+
- 0
|
|
8
|
+
- 1
|
|
9
|
+
- 1
|
|
10
|
+
version: 0.1.1
|
|
5
11
|
platform: ruby
|
|
6
12
|
authors:
|
|
7
13
|
- Jan Luehr
|
|
@@ -9,19 +15,25 @@ autorequire:
|
|
|
9
15
|
bindir: bin
|
|
10
16
|
cert_chain: []
|
|
11
17
|
|
|
12
|
-
date: 2010-09-
|
|
18
|
+
date: 2010-09-10 00:00:00 +02:00
|
|
13
19
|
default_executable:
|
|
14
20
|
dependencies:
|
|
15
21
|
- !ruby/object:Gem::Dependency
|
|
16
22
|
name: rails
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
23
|
+
prerelease: false
|
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
25
|
+
none: false
|
|
20
26
|
requirements:
|
|
21
27
|
- - ">="
|
|
22
28
|
- !ruby/object:Gem::Version
|
|
29
|
+
hash: 11
|
|
30
|
+
segments:
|
|
31
|
+
- 2
|
|
32
|
+
- 1
|
|
33
|
+
- 0
|
|
23
34
|
version: 2.1.0
|
|
24
|
-
|
|
35
|
+
type: :runtime
|
|
36
|
+
version_requirements: *id001
|
|
25
37
|
description:
|
|
26
38
|
email: yanosz@gmx.net
|
|
27
39
|
executables: []
|
|
@@ -86,21 +98,29 @@ rdoc_options: []
|
|
|
86
98
|
require_paths:
|
|
87
99
|
- lib
|
|
88
100
|
required_ruby_version: !ruby/object:Gem::Requirement
|
|
101
|
+
none: false
|
|
89
102
|
requirements:
|
|
90
103
|
- - ">="
|
|
91
104
|
- !ruby/object:Gem::Version
|
|
105
|
+
hash: 59
|
|
106
|
+
segments:
|
|
107
|
+
- 1
|
|
108
|
+
- 8
|
|
109
|
+
- 6
|
|
92
110
|
version: 1.8.6
|
|
93
|
-
version:
|
|
94
111
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
112
|
+
none: false
|
|
95
113
|
requirements:
|
|
96
114
|
- - ">="
|
|
97
115
|
- !ruby/object:Gem::Version
|
|
116
|
+
hash: 3
|
|
117
|
+
segments:
|
|
118
|
+
- 0
|
|
98
119
|
version: "0"
|
|
99
|
-
version:
|
|
100
120
|
requirements: []
|
|
101
121
|
|
|
102
122
|
rubyforge_project:
|
|
103
|
-
rubygems_version: 1.3.
|
|
123
|
+
rubygems_version: 1.3.7
|
|
104
124
|
signing_key:
|
|
105
125
|
specification_version: 3
|
|
106
126
|
summary: declarative_authorization is a Rails plugin for authorization based on readable authorization rules.
|