declarative_authorization-dta 0.1.1 → 0.1.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/CHANGELOG +1 -0
- data/app/views/authorization_rules/_show_graph.erb +7 -0
- data/app/views/authorization_rules/graph.html.erb +7 -0
- data/config/routes.rb +19 -9
- data/lib/declarative_authorization/authorization.rb +1 -1
- data/lib/declarative_authorization/in_model.rb +25 -11
- data/test/test_helper.rb +1 -1
- metadata +8 -8
data/CHANGELOG
CHANGED
|
@@ -1,4 +1,11 @@
|
|
|
1
1
|
<% javascript_tag do %>
|
|
2
|
+
if (typeof Prototype != 'object') {
|
|
3
|
+
//load up prototype... it's needed here
|
|
4
|
+
var s = document.createElement('script');
|
|
5
|
+
s.setAttribute('src','http://ajax.googleapis.com/ajax/libs/prototype/1.6.0.3/prototype.js');
|
|
6
|
+
document.getElementsByTagName('body')[0].appendChild(s);
|
|
7
|
+
}
|
|
8
|
+
|
|
2
9
|
function show_graph (privilege, context, user_ids) {
|
|
3
10
|
var params = {
|
|
4
11
|
privilege_hierarchy: 1,
|
|
@@ -3,6 +3,13 @@
|
|
|
3
3
|
<p><%= navigation %></p>
|
|
4
4
|
|
|
5
5
|
<% javascript_tag do %>
|
|
6
|
+
if (typeof Prototype != 'object') {
|
|
7
|
+
//load up prototype... it's needed here
|
|
8
|
+
var s = document.createElement('script');
|
|
9
|
+
s.setAttribute('src','http://ajax.googleapis.com/ajax/libs/prototype/1.6.0.3/prototype.js');
|
|
10
|
+
document.getElementsByTagName('body')[0].appendChild(s);
|
|
11
|
+
}
|
|
12
|
+
|
|
6
13
|
function update_graph (form) {
|
|
7
14
|
base_url = "<%= url_for :format => 'svg' %>";
|
|
8
15
|
$('graph').data = base_url + '?' + form.serialize();
|
data/config/routes.rb
CHANGED
|
@@ -1,10 +1,20 @@
|
|
|
1
|
-
|
|
2
|
-
|
|
3
|
-
|
|
4
|
-
|
|
5
|
-
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
1
|
+
if Authorization::activate_authorization_rules_browser?
|
|
2
|
+
if Rails.respond_to?(:application)
|
|
3
|
+
Rails.application.routes.draw do
|
|
4
|
+
resources :authorization_rules, :only => [:index] do
|
|
5
|
+
collection do
|
|
6
|
+
get :graph
|
|
7
|
+
get :change
|
|
8
|
+
get :suggest_change
|
|
9
|
+
end
|
|
10
|
+
end
|
|
11
|
+
resources :authorization_usages, :only => :index
|
|
12
|
+
end
|
|
13
|
+
else
|
|
14
|
+
ActionController::Routing::Routes.draw do |map|
|
|
15
|
+
map.resources :authorization_rules, :only => [:index],
|
|
16
|
+
:collection => {:graph => :get, :change => :get, :suggest_change => :get}
|
|
17
|
+
map.resources :authorization_usages, :only => :index
|
|
18
|
+
end
|
|
9
19
|
end
|
|
10
|
-
end
|
|
20
|
+
end
|
|
@@ -20,7 +20,7 @@ module Authorization
|
|
|
20
20
|
# The exception is raised to ensure that the entire rule is invalidated.
|
|
21
21
|
class NilAttributeValueError < AuthorizationError; end
|
|
22
22
|
|
|
23
|
-
AUTH_DSL_FILES = [(Rails.root ||
|
|
23
|
+
AUTH_DSL_FILES = [Pathname.new(Rails.root || '').join("config", "authorization_rules.rb").to_s] unless defined? AUTH_DSL_FILES
|
|
24
24
|
|
|
25
25
|
# Controller-independent method for retrieving the current user.
|
|
26
26
|
# Needed for model security where the current controller is not available.
|
|
@@ -5,8 +5,6 @@ require File.dirname(__FILE__) + '/obligation_scope.rb'
|
|
|
5
5
|
module Authorization
|
|
6
6
|
|
|
7
7
|
module AuthorizationInModel
|
|
8
|
-
ReadAllPrivilege = :read
|
|
9
|
-
WriteAllPrivilege = :write
|
|
10
8
|
|
|
11
9
|
# If the user meets the given privilege, permitted_to? returns true
|
|
12
10
|
# and yields to the optional block.
|
|
@@ -51,7 +49,7 @@ module Authorization
|
|
|
51
49
|
return false unless [:read, :write].include?(mode)
|
|
52
50
|
|
|
53
51
|
# Variables needed to make checks
|
|
54
|
-
access_all_columns_sym = (mode == :read) ?
|
|
52
|
+
access_all_columns_sym = (mode == :read) ? self.class.read_all_privilege.to_sym : self.class.write_all_privilege.to_sym
|
|
55
53
|
whitelist_sym = (mode == :read) ? attribute.to_sym : (attribute + '=').to_sym
|
|
56
54
|
acl_sym = (mode == :read) ? ('read_' + attribute).to_sym : ('write_' + attribute).to_sym
|
|
57
55
|
|
|
@@ -236,11 +234,11 @@ module Authorization
|
|
|
236
234
|
instance_eval <<-EOV
|
|
237
235
|
|
|
238
236
|
def #{method_name}
|
|
239
|
-
permitted_to!(:read_#{method_name}) unless permitted_to?(:#{
|
|
237
|
+
permitted_to!(:read_#{method_name}) unless permitted_to?(:#{read_all_privilege})
|
|
240
238
|
return no_acl_#{method_name}
|
|
241
239
|
end
|
|
242
240
|
def #{method_name}=(value)
|
|
243
|
-
permitted_to!(:write_#{method_name}) unless permitted_to?(:#{
|
|
241
|
+
permitted_to!(:write_#{method_name}) unless permitted_to?(:#{write_all_privilege})
|
|
244
242
|
return no_acl_#{method_name}=(value)
|
|
245
243
|
end
|
|
246
244
|
EOV
|
|
@@ -276,7 +274,23 @@ module Authorization
|
|
|
276
274
|
|
|
277
275
|
# Create helper methods, that can be called from within our code to access
|
|
278
276
|
# variables that are set up during initilization
|
|
279
|
-
|
|
277
|
+
instance_eval <<-EOV
|
|
278
|
+
#
|
|
279
|
+
# Determine what privilege to use for read all
|
|
280
|
+
#
|
|
281
|
+
def read_all_privilege
|
|
282
|
+
'#{options[:include_attributes][0][:read_all_privilege].blank? ? 'read' : options[:include_attributes][0][:read_all_privilege]}'
|
|
283
|
+
end
|
|
284
|
+
|
|
285
|
+
#
|
|
286
|
+
# Determine what privilege to use for write all
|
|
287
|
+
#
|
|
288
|
+
def write_all_privilege
|
|
289
|
+
'#{options[:include_attributes][0][:write_all_privilege].blank? ? 'write' : options[:include_attributes][0][:write_all_privilege]}'
|
|
290
|
+
end
|
|
291
|
+
EOV
|
|
292
|
+
|
|
293
|
+
class_eval <<-EOV
|
|
280
294
|
#
|
|
281
295
|
# Method to return the white list
|
|
282
296
|
#
|
|
@@ -298,7 +312,7 @@ module Authorization
|
|
|
298
312
|
class_eval "begin; alias_method :no_acl_#{name}, :#{name};rescue;end #Alias-Methods - put acl stuff into method-chain
|
|
299
313
|
begin; alias_method :no_acl_#{name}=, :#{name}=; rescue; end
|
|
300
314
|
def #{name} #Define getters / setter with ACL-Checks
|
|
301
|
-
permitted_to!(:read_#{name}) if !permitted_to?(:#{
|
|
315
|
+
permitted_to!(:read_#{name}) if !permitted_to?(:#{read_all_privilege});
|
|
302
316
|
if(respond_to? 'no_acl_#{name}')
|
|
303
317
|
return no_acl_#{name}
|
|
304
318
|
else
|
|
@@ -306,7 +320,7 @@ module Authorization
|
|
|
306
320
|
end
|
|
307
321
|
end" unless name.to_s == self.primary_key.to_s || whitelist.include?(name.to_sym) || application_default_attributes.include?(name.to_sym) || !options[:include_read] # Do not do reads, unless told so
|
|
308
322
|
class_eval %{def #{name}=(n)
|
|
309
|
-
permitted_to!(:write_#{name}) if !permitted_to?(:#{
|
|
323
|
+
permitted_to!(:write_#{name}) if !permitted_to?(:#{write_all_privilege});
|
|
310
324
|
if(respond_to? 'no_acl_#{name}=')
|
|
311
325
|
return no_acl_#{name}=(n)
|
|
312
326
|
else
|
|
@@ -365,7 +379,7 @@ module Authorization
|
|
|
365
379
|
# Returns a hash of key, value paris that are readable
|
|
366
380
|
#
|
|
367
381
|
def readable_attributes
|
|
368
|
-
return attributes if permitted_to?(
|
|
382
|
+
return attributes if permitted_to?(self.class.read_all_privilege.to_sym)
|
|
369
383
|
attributes.reject do |k,v|
|
|
370
384
|
!allowed?(:read, k)
|
|
371
385
|
end
|
|
@@ -375,7 +389,7 @@ module Authorization
|
|
|
375
389
|
# Returns a hash of key, value paris that are showable, excluding application_default_attributes
|
|
376
390
|
#
|
|
377
391
|
def showable_attributes
|
|
378
|
-
return attributes if permitted_to?(
|
|
392
|
+
return attributes if permitted_to?(self.class.read_all_privilege.to_sym)
|
|
379
393
|
attributes.reject do |k,v|
|
|
380
394
|
!allowed?(:read, k, true)
|
|
381
395
|
end
|
|
@@ -385,7 +399,7 @@ module Authorization
|
|
|
385
399
|
# Returns a hash of key, value paris that are writable
|
|
386
400
|
#
|
|
387
401
|
def writable_attributes
|
|
388
|
-
return attributes if permitted_to?(
|
|
402
|
+
return attributes if permitted_to?(self.class.write_all_privilege.to_sym)
|
|
389
403
|
attributes.reject do |k,v|
|
|
390
404
|
!allowed?(:write, k)
|
|
391
405
|
end
|
data/test/test_helper.rb
CHANGED
|
@@ -14,7 +14,7 @@ unless defined?(ActiveRecord)
|
|
|
14
14
|
require File.join(RAILS_ROOT, 'config', 'environment.rb')
|
|
15
15
|
else
|
|
16
16
|
# simply use installed gems if available
|
|
17
|
-
version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : "
|
|
17
|
+
version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : "~> 2.3.0"
|
|
18
18
|
puts "Using Rails from RubyGems (#{version_requirement || "default"})"
|
|
19
19
|
require 'rubygems'
|
|
20
20
|
%w{actionpack activerecord activesupport rails}.each do |gem_name|
|
metadata
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: declarative_authorization-dta
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
hash:
|
|
4
|
+
hash: 29
|
|
5
5
|
prerelease: false
|
|
6
6
|
segments:
|
|
7
7
|
- 0
|
|
8
8
|
- 1
|
|
9
|
-
-
|
|
10
|
-
version: 0.1.
|
|
9
|
+
- 3
|
|
10
|
+
version: 0.1.3
|
|
11
11
|
platform: ruby
|
|
12
12
|
authors:
|
|
13
13
|
- Jan Luehr
|
|
@@ -15,7 +15,7 @@ autorequire:
|
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
17
|
|
|
18
|
-
date: 2010-09-
|
|
18
|
+
date: 2010-09-16 00:00:00 +02:00
|
|
19
19
|
default_executable:
|
|
20
20
|
dependencies:
|
|
21
21
|
- !ruby/object:Gem::Dependency
|
|
@@ -24,14 +24,14 @@ dependencies:
|
|
|
24
24
|
requirement: &id001 !ruby/object:Gem::Requirement
|
|
25
25
|
none: false
|
|
26
26
|
requirements:
|
|
27
|
-
- -
|
|
27
|
+
- - ~>
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
hash:
|
|
29
|
+
hash: 3
|
|
30
30
|
segments:
|
|
31
31
|
- 2
|
|
32
|
-
-
|
|
32
|
+
- 3
|
|
33
33
|
- 0
|
|
34
|
-
version: 2.
|
|
34
|
+
version: 2.3.0
|
|
35
35
|
type: :runtime
|
|
36
36
|
version_requirements: *id001
|
|
37
37
|
description:
|