declarative_authorization 0.5.5 → 0.5.6

data/CHANGELOG

@@ -1,3 +1,13 @@
+** RELEASE 0.5.6 (Sep 23, 2012)
+
+* Fix handling of stray object associations [jhawthorn]
+
+* Improve test infrastructure [jhawthorn]
+
+* Allow decl_auth to be used without ActiveRecord [bterkuile]
+
+* Rule reloading in development based on changes [urkle/sb]
+
 ** RELEASE 0.5.5 (Jan 10, 2012)
 
 * Update of handling of association proxies for Rails 3.2

data/README.rdoc

@@ -242,7 +242,7 @@ the conditions for manual rewrites.
 == Authorization Rules
 
 Authorization rules are defined in config/authorization_rules.rb
-(Or redefine rules files path via +Authorization::AUTH_RULE_FILES+).  E.g.
+(Or redefine rules files path via +Authorization::AUTH_DSL_FILES+).  E.g.
 
     authorization do
       role :admin do
@@ -515,8 +515,10 @@ sbartsch at tzi.org
 
 Thanks to John Joseph Bachir, Dennis Blöte, Eike Carls, Damian Caruso, Kai Chen, Erik Dahlstrand,
 Jeroen van Dijk, Alexander Dobriakov, Sebastian Dyck, Ari Epstein, Jeremy Friesen,
-Tim Harper, John Hawthorn, hollownest, Daniel Kristensen, Jeremy Kleindl, Brad Langhorst, Brian Langenfeld,
-Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour, Thomas Maurer, Tyler Pickett, Edward Rudd, Sharagoz,
+Tim Harper, John Hawthorn, hollownest, Daniel Kristensen, Jeremy Kleindl,
+Benjamin ter Kuile, Brad Langhorst, Brian Langenfeld,
+Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour, Thomas Maurer, Kevin Moore,
+Tyler Pickett, Edward Rudd, Sharagoz,
 TJ Singleton, Mike Vincent, Joel Westerberg
 
 

data/Rakefile

@@ -2,12 +2,30 @@ require 'rake'
 require 'rake/testtask'
 require 'rake/rdoctask'
 
-desc 'Default: run unit tests.'
-task :default => :test
+desc 'Default: run unit tests against all versions.'
+task :default => 'bundles:test'
+
+def run_for_bundles cmd
+  Dir['gemfiles/*.gemfile'].each do |gemfile|
+    puts "\n#{gemfile}: #{cmd}"
+    ENV['BUNDLE_GEMFILE'] = gemfile
+    system(cmd)
+  end
+end
+
+task 'bundles:install' do
+  run_for_bundles 'bundle install'
+end
+task 'bundles:update' do
+  run_for_bundles 'bundle update'
+end
+task 'bundles:test' do
+  run_for_bundles 'bundle exec rake test'
+end
 
 desc 'Test the authorization plugin.'
 Rake::TestTask.new(:test) do |t|
-  t.libs << 'lib'
+  t.libs << 'lib' << 'test'
   t.pattern = 'test/**/*_test.rb'
   t.verbose = true
 end

data/lib/declarative_authorization.rb

@@ -1,8 +1,10 @@
 require File.join(%w{declarative_authorization rails_legacy})
 require File.join(%w{declarative_authorization helper})
 require File.join(%w{declarative_authorization in_controller})
-require File.join(%w{declarative_authorization in_model})
-require File.join(%w{declarative_authorization obligation_scope})
+if defined?(ActiveRecord)
+  require File.join(%w{declarative_authorization in_model})
+  require File.join(%w{declarative_authorization obligation_scope})
+end
 
 min_rails_version = "2.1.0"
 if Rails::VERSION::STRING < min_rails_version
@@ -14,4 +16,4 @@ require File.join(%w{declarative_authorization railsengine}) if defined?(::Rails
 ActionController::Base.send :include, Authorization::AuthorizationInController
 ActionController::Base.helper Authorization::AuthorizationHelper
 
-ActiveRecord::Base.send :include, Authorization::AuthorizationInModel
+ActiveRecord::Base.send :include, Authorization::AuthorizationInModel if defined?(ActiveRecord)

data/lib/declarative_authorization/authorization.rb

@@ -164,7 +164,7 @@ module Authorization
       # Example: permit!( :edit, :object => user.posts )
       #
       if Authorization.is_a_association_proxy?(options[:object]) && options[:object].respond_to?(:new)
-        options[:object] = options[:object].new
+        options[:object] = (Rails.version < "3.0" ? options[:object] : options[:object].scoped).new
       end
       
       options[:context] ||= options[:object] && (
@@ -233,6 +233,8 @@ module Authorization
 
       permit!(privilege, :skip_attribute_test => true, :user => user, :context => options[:context])
       
+      return [] if roles.is_a?(Array) and not (roles & omnipotent_roles).empty?
+      
       attr_validator = AttributeValidator.new(self, user, nil, privilege, options[:context])
       matching_auth_rules(roles, privileges, options[:context]).collect do |rule|
         rule.obligations(attr_validator)
@@ -275,12 +277,23 @@ module Authorization
     def roles_with_hierarchy_for(user)
       flatten_roles(roles_for(user))
     end
-    
+
+    def self.development_reload?
+      if Rails.env.development?
+        mod_time = AUTH_DSL_FILES.map { |m| File.mtime(m) rescue Time.at(0) }.flatten.max
+        @@auth_dsl_last_modified ||= mod_time
+        if mod_time > @@auth_dsl_last_modified
+          @@auth_dsl_last_modified = mod_time
+          return true
+        end
+      end
+    end
+
     # Returns an instance of Engine, which is created if there isn't one
     # yet.  If +dsl_file+ is given, it is passed on to Engine.new and 
     # a new instance is always created.
     def self.instance (dsl_file = nil)
-      if dsl_file
+      if dsl_file or development_reload?
         @@instance = new(dsl_file)
       else
         @@instance ||= new

data/lib/declarative_authorization/maintenance.rb

@@ -60,9 +60,10 @@ module Authorization
           end
         rescue Errno::ENOENT
         end
-        controllers = []
-        ObjectSpace.each_object(Class) do |obj|
-          controllers << obj if obj.ancestors.include?(ActionController::Base) and obj != ActionController::Base and obj.name.demodulize != 'ApplicationController'
+        controllers = ObjectSpace.each_object(Class).select do |obj|
+          obj.ancestors.include?(ActionController::Base) &&
+            obj != ActionController::Base &&
+            (!obj.name || obj.name.demodulize != 'ApplicationController')
         end
 
         controllers.inject({}) do |memo, controller|

data/lib/tasks/authorization_tasks.rake

@@ -2,10 +2,10 @@ namespace :auth do
   desc "Lists all privileges used in controllers, views, models"
   task :used_privileges do
     # TODO note where privileges are used
-    require File.join(RAILS_ROOT, 'config', 'boot.rb')
-    require File.join(RAILS_ROOT, 'config', 'environment.rb')
+    require File.join(Rails.root, 'config', 'boot.rb')
+    require File.join(Rails.root, 'config', 'environment.rb')
     controllers = [ApplicationController]
-    Dir.new("#{RAILS_ROOT}/app/controllers").entries.each do |controller_file|
+    Dir.new("#{Rails.root}/app/controllers").entries.each do |controller_file|
       if controller_file =~ /_controller/ 
         controllers << controller_file.gsub(".rb","").camelize.constantize
       end
@@ -24,19 +24,19 @@ namespace :auth do
       all += contr_perms.reject {|cp| cp[0].nil?}.collect {|cp| cp[0..1]}
     end
 
-    model_all = `grep -l "Base\.using_access_control" #{RAILS_ROOT}/config/*.rb #{RAILS_ROOT}/config/initializers/*.rb`.split("\n")
+    model_all = `grep -l "Base\.using_access_control" #{Rails.root}/config/*.rb #{Rails.root}/config/initializers/*.rb`.split("\n")
     if model_all.count > 0
-      model_files = Dir.glob( "#{RAILS_ROOT}/app/models/*.rb").reject do |item|
+      model_files = Dir.glob( "#{Rails.root}/app/models/*.rb").reject do |item|
         item.match(/_observer\.rb/)
       end
     else
-      model_files = `grep -l "^[[:space:]]*using_access_control" #{RAILS_ROOT}/app/models/*.rb`.split("\n")
+      model_files = `grep -l "^[[:space:]]*using_access_control" #{Rails.root}/app/models/*.rb`.split("\n")
     end
     models_with_ac = model_files.collect {|mf| mf.sub(/^.*\//, "").sub(".rb", "").tableize.to_sym}
     model_security_privs = [:create, :read, :update, :delete]
     models_with_ac.each {|m| perms += model_security_privs.collect{|msp| [msp, m]}}
 
-    grep_file_pattern = "#{RAILS_ROOT}/app/models/*.rb #{RAILS_ROOT}/app/views/**/* #{RAILS_ROOT}/app/controllers/*.rb"
+    grep_file_pattern = "#{Rails.root}/app/models/*.rb #{Rails.root}/app/views/**/* #{Rails.root}/app/controllers/*.rb"
     `grep "permitted_to?" #{grep_file_pattern}`.split("\n").each do |ptu|
       file, grep_match = ptu.split(':', 2)
       context = privilege = nil

data/test/authorization_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 
 class AuthorizationTest < Test::Unit::TestCase
   
@@ -34,7 +34,7 @@ class AuthorizationTest < Test::Unit::TestCase
       :user => MockUser.new(:test_role))
   end
 
-  def test_permit_elevated_people
+  def test_permit_with_has_omnipotence
     reader = Authorization::Reader::DSLReader.new
     reader.parse %{
       authorization do
@@ -121,6 +121,26 @@ class AuthorizationTest < Test::Unit::TestCase
           :user => MockUser.new(:test_role, :attr => 1))
   end
 
+  def test_obligations_with_omnipotence
+    reader = Authorization::Reader::DSLReader.new
+    reader.parse %{
+      authorization do
+        role :admin do
+          has_omnipotence
+        end
+        role :test_role do
+          has_permission_on :permissions, :to => :test do
+            if_attribute :attr => is { user.attr }
+          end
+        end
+      end
+    }
+    engine = Authorization::Engine.new(reader)
+    assert_equal [],
+      engine.obligations(:test, :context => :permissions,
+          :user => MockUser.new(:test_role, :admin, :attr => 1))
+  end
+
   def test_obligations_with_anded_conditions
     reader = Authorization::Reader::DSLReader.new
     reader.parse %{

data/test/controller_filter_resource_access_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 
 class BasicResource < MockDataObject
   def self.name

data/test/controller_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 
 
 class LoadMockObject < MockDataObject
@@ -477,4 +477,4 @@ class DeepNameSpacedControllerTest < ActionController::TestCase
     request!(MockUser.new(:prohibited_role), "update", reader)
     assert !@controller.authorized?
   end
-end
+end

data/test/database.yml

@@ -0,0 +1,3 @@
+test:
+  adapter: sqlite3
+  database: ":memory:"

data/test/dsl_reader_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 
 class DSLReaderTest < Test::Unit::TestCase
   def test_privileges

data/test/helper_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization helper})
 
 
@@ -244,4 +244,4 @@ class HelperTest < ActionController::TestCase
     end
     assert block_evaled
   end
-end
+end

data/test/maintenance_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
 
 class MaintenanceTest < Test::Unit::TestCase
@@ -43,4 +43,4 @@ class MaintenanceTest < Test::Unit::TestCase
     end
   end
 
-end
+end

data/test/model_test.rb

@@ -1,4 +1,4 @@
-require File.join(File.dirname(__FILE__), 'test_helper.rb')
+require 'test_helper'
 require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization in_model})
 
 ActiveRecord::Base.send :include, Authorization::AuthorizationInModel
@@ -26,6 +26,8 @@ class TestModel < ActiveRecord::Base
     :class_name => "TestAttrThrough", :source => :test_attr_throughs,
     :conditions => "test_attrs.attr = 1"
 
+  attr_accessible :content, :test_attr_through_id, :country_id
+
   # TODO currently not working in Rails 3
   if Rails.version < "3"
     has_and_belongs_to_many :test_attr_throughs_habtm, :join_table => :test_attrs,
@@ -73,6 +75,9 @@ class TestAttr < ActiveRecord::Base
   has_many :test_attr_throughs
   has_many :test_model_security_model_with_finds
   attr_reader :role_symbols
+  attr_accessible :test_model, :test_another_model, :attr, :branch, :company, :test_attr,
+	  :test_a_third_model, :n_way_join_item, :n_way_join_item_id, :test_attr_through_id, 
+	  :test_model_id, :test_another_model_id
   def initialize (*args)
     @role_symbols = []
     super(*args)
@@ -86,6 +91,7 @@ end
 class TestModelSecurityModel < ActiveRecord::Base
   has_many :test_attrs
   using_access_control
+  attr_accessible :attr, :attr_2, :test_attrs
 end
 class TestModelSecurityModelWithFind < ActiveRecord::Base
   if Rails.version < "3.2"
@@ -97,16 +103,19 @@ class TestModelSecurityModelWithFind < ActiveRecord::Base
   belongs_to :test_attr
   using_access_control :include_read => true, 
     :context => :test_model_security_models
+  attr_accessible :test_attr, :attr
 end
 
 class Branch < ActiveRecord::Base
   has_many :test_attrs
   belongs_to :company
+  attr_accessible :name, :company
 end
 class Company < ActiveRecord::Base
   has_many :test_attrs
   has_many :branches
   belongs_to :country
+  attr_accessible :name, :country, :country_id
 end
 class SmallCompany < Company
   def self.decl_auth_context
@@ -116,6 +125,7 @@ end
 class Country < ActiveRecord::Base
   has_many :test_models
   has_many :companies
+  attr_accessible :name
 end
 
 class NamedScopeModelTest < Test::Unit::TestCase
@@ -1791,6 +1801,7 @@ class ModelTest < Test::Unit::TestCase
     test_model = TestModel.create(:content => "content")
     assert engine.permit?(:read, :object => test_model.test_attrs,
                           :user => MockUser.new(:test_role))
+    assert test_model.test_attrs.empty?
     assert !engine.permit?(:read, :object => TestAttr.new,
                           :user => MockUser.new(:test_role))
     TestModel.delete_all

data/test/test_helper.rb

@@ -1,31 +1,24 @@
 require 'test/unit'
 require 'pathname'
 
-unless defined?(RAILS_ROOT)
-  RAILS_ROOT = ENV['RAILS_ROOT'] ?
-      ENV['RAILS_ROOT'] + "" :
-      File.join(File.dirname(__FILE__), %w{.. .. .. ..})
+ENV['RAILS_ENV'] = 'test'
+
+require 'bundler/setup'
+begin
+  # rails 3
+  require 'rails/all'
+rescue LoadError
+  # rails 2.3
+  %w(action_pack action_controller active_record active_support initializer).each {|f| require f}
 end
+Bundler.require
 
-unless defined?(ActiveRecord)
-  if File.directory? RAILS_ROOT + '/config'
-    puts 'Using config/boot.rb'
-    ENV['RAILS_ENV'] = 'test'
-    require File.join(RAILS_ROOT, 'config', 'environment.rb')
-  else
-    # simply use installed gems if available
-    version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : "> 2.1.0"
-    puts "Using Rails from RubyGems (#{version_requirement || "default"})"
-    require 'rubygems'
-    %w{actionpack activerecord activesupport rails}.each do |gem_name|
-      gem gem_name, version_requirement
-    end
-  end
+# rails 2.3 and ruby 1.9.3 fix
+MissingSourceFile::REGEXPS.push([/^cannot load such file -- (.+)$/i, 1])
 
-  unless defined?(Rails)  # needs to be explicit in Rails < 3
-    %w(action_pack action_controller active_record active_support initializer).each {|f| require f}
-  end
-end
+puts "Testing against rails #{Rails::VERSION::STRING}"
+
+RAILS_ROOT = File.dirname(__FILE__)
 
 DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
 
@@ -114,10 +107,25 @@ class MocksController < ActionController::Base
 end
 
 if Rails.version < "3"
+  ActiveRecord::Base.establish_connection({:adapter => 'sqlite3', :database => ':memory:'})
   ActionController::Routing::Routes.draw do |map|
     map.connect ':controller/:action/:id'
   end
 else
+  class TestApp
+    class Application < ::Rails::Application
+      config.active_support.deprecation = :stderr
+      database_path = File.expand_path('../database.yml', __FILE__)
+      if Rails.version.start_with? '3.0.'
+        config.paths.config.database database_path
+      else
+        config.paths['config/database'] = database_path
+      end
+      initialize!
+    end
+  end
+  class ApplicationController < ActionController::Base
+  end
   #Rails::Application.routes.draw do
   Rails.application.routes.draw do
     match '/name/spaced_things(/:action)' => 'name/spaced_things'

metadata

@@ -1,12 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: declarative_authorization
 version: !ruby/object:Gem::Version 
-  prerelease: false
+  hash: 7
+  prerelease: 
   segments: 
   - 0
   - 5
-  - 5
-  version: 0.5.5
+  - 6
+  version: 0.5.6
 platform: ruby
 authors: 
 - Steffen Bartsch
@@ -14,8 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2012-01-10 00:00:00 +01:00
-default_executable: 
+date: 2012-09-23 00:00:00 Z
 dependencies: []
 
 description: 
@@ -35,43 +35,43 @@ files:
 - authorization_rules.dist.rb
 - garlic_example.rb
 - init.rb
-- app/controllers/authorization_rules_controller.rb
 - app/controllers/authorization_usages_controller.rb
+- app/controllers/authorization_rules_controller.rb
 - app/helpers/authorization_rules_helper.rb
-- app/views/authorization_usages/index.html.erb
-- app/views/authorization_rules/index.html.erb
-- app/views/authorization_rules/_show_graph.erb
 - app/views/authorization_rules/_change.erb
-- app/views/authorization_rules/_suggestions.erb
-- app/views/authorization_rules/graph.dot.erb
 - app/views/authorization_rules/change.html.erb
 - app/views/authorization_rules/graph.html.erb
+- app/views/authorization_rules/_suggestions.erb
+- app/views/authorization_rules/_show_graph.erb
+- app/views/authorization_rules/index.html.erb
+- app/views/authorization_rules/graph.dot.erb
+- app/views/authorization_usages/index.html.erb
 - config/routes.rb
 - lib/declarative_authorization.rb
+- lib/declarative_authorization/helper.rb
 - lib/declarative_authorization/in_controller.rb
-- lib/declarative_authorization/reader.rb
-- lib/declarative_authorization/rails_legacy.rb
 - lib/declarative_authorization/obligation_scope.rb
 - lib/declarative_authorization/railsengine.rb
-- lib/declarative_authorization/in_model.rb
-- lib/declarative_authorization/helper.rb
-- lib/declarative_authorization/development_support/analyzer.rb
-- lib/declarative_authorization/development_support/change_analyzer.rb
 - lib/declarative_authorization/development_support/change_supporter.rb
+- lib/declarative_authorization/development_support/change_analyzer.rb
 - lib/declarative_authorization/development_support/development_support.rb
+- lib/declarative_authorization/development_support/analyzer.rb
 - lib/declarative_authorization/authorization.rb
+- lib/declarative_authorization/reader.rb
 - lib/declarative_authorization/maintenance.rb
+- lib/declarative_authorization/rails_legacy.rb
+- lib/declarative_authorization/in_model.rb
 - lib/tasks/authorization_tasks.rake
-- test/authorization_test.rb
-- test/schema.sql
-- test/maintenance_test.rb
-- test/model_test.rb
-- test/controller_test.rb
 - test/helper_test.rb
 - test/dsl_reader_test.rb
-- test/controller_filter_resource_access_test.rb
+- test/model_test.rb
+- test/controller_test.rb
+- test/schema.sql
 - test/test_helper.rb
-has_rdoc: true
+- test/database.yml
+- test/maintenance_test.rb
+- test/controller_filter_resource_access_test.rb
+- test/authorization_test.rb
 homepage: http://github.com/stffn/declarative_authorization
 licenses: []
 
@@ -81,25 +81,29 @@ rdoc_options: []
 require_paths: 
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 59
       segments: 
       - 1
       - 8
       - 6
       version: 1.8.6
 required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
   requirements: 
   - - ">="
     - !ruby/object:Gem::Version 
+      hash: 3
       segments: 
       - 0
       version: "0"
 requirements: []
 
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.8.15
 signing_key: 
 specification_version: 3
 summary: declarative_authorization is a Rails plugin for maintainable authorization based on readable authorization rules.