eaco 0.8.2 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +3 -3
- data/README.md +19 -11
- data/eaco.gemspec +5 -1
- data/lib/eaco/acl.rb +1 -2
- data/lib/eaco/version.rb +1 -1
- data/spec/eaco/acl_spec.rb +3 -3
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 342302faeb4d72f36078ceb1566c2701481e2005
|
|
4
|
+
data.tar.gz: b6986e43c743934700e081dfe5a497e5a49a5632
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 7aae3bdd2fe862f8c5185b7cd774d1a0e55d2c7592d687d5b40aef388cc14d468c6eea4fbff0648b3ef8ca73bd2a487d05bf50afa3d252380a1074762be5c8a8
|
|
7
|
+
data.tar.gz: 0306f78ebe3b7197dda0afcb44250a56c93e5471af163c6d9d262196c798cb6f0e5e5a42ba52f7bd092cfbc0c50205ef828c7d616b4c4290b3e16d31867d8b9c
|
data/.travis.yml
CHANGED
data/README.md
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
[](http://inch-ci.org/github/ifad/eaco)
|
|
7
7
|
[](http://badge.fury.io/rb/eaco)
|
|
8
8
|
|
|
9
|
-
Eacus, the holder of the keys of Hades, is an
|
|
9
|
+
Eacus, the holder of the keys of Hades, is an Attribute-Based Access Control ([ABAC](https://en.wikipedia.org/wiki/Attribute-based_access_control)) authorization
|
|
10
10
|
framework for Ruby.
|
|
11
11
|
|
|
12
12
|
![Eaco e Telamone][eaco-e-telamone]
|
|
@@ -15,23 +15,31 @@ framework for Ruby.
|
|
|
15
15
|
|
|
16
16
|
## Design
|
|
17
17
|
|
|
18
|
-
Eaco provides your application's Resources discretionary access.
|
|
19
|
-
Access to
|
|
18
|
+
Eaco provides your application's Resources discretionary access based on attributes.
|
|
19
|
+
Access to a Resource by an Actor is determined by checking whether the Actor owns
|
|
20
|
+
the security attributes (Designators) required by the Resource.
|
|
20
21
|
|
|
21
|
-
|
|
22
|
-
|
|
22
|
+
Each Resource protected by Eaco has an ACL attached. ACLs define which security
|
|
23
|
+
attribute grant access to the Resource, and at which level. The level of access
|
|
24
|
+
is expressed in terms of roles. Roles are scoped per Resource types.
|
|
23
25
|
|
|
24
|
-
|
|
25
|
-
|
|
26
|
+
Each Role then describes a set of abilities that it can perform. In your code,
|
|
27
|
+
you check directly whether an Actor has a specific ability on a Resource, and
|
|
28
|
+
all the indirection is then evaluated by Eaco.
|
|
26
29
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
30
|
+
## Designators
|
|
31
|
+
|
|
32
|
+
Security attributes are extracted out of Actors through the Designators framework,
|
|
33
|
+
a pluggable mechanism whose details are up to your application.
|
|
34
|
+
|
|
35
|
+
An Actor can have many designators, that describe its identity or its belonging
|
|
36
|
+
to a group or occupying a position in a department.
|
|
31
37
|
|
|
32
38
|
Designators are Ruby classes that can embed any sort of custom behaviour that
|
|
33
39
|
your application requires.
|
|
34
40
|
|
|
41
|
+
## ACLS
|
|
42
|
+
|
|
35
43
|
ACLs are hashes with designators as keys and roles as values. Extracting
|
|
36
44
|
authorized collections requires only an hash key lookup mechanism in your
|
|
37
45
|
database. Adapters are provided for PG's +jsonb+ and for CouchDB-Lucene.
|
data/eaco.gemspec
CHANGED
|
@@ -20,7 +20,11 @@ Gem::Specification.new do |spec|
|
|
|
20
20
|
spec.add_development_dependency "bundler", "~> 1.6"
|
|
21
21
|
spec.add_development_dependency "rake"
|
|
22
22
|
spec.add_development_dependency "byebug"
|
|
23
|
-
|
|
23
|
+
# Starting from version 2.12.7, guard includes listen >= 2.7, and
|
|
24
|
+
# starting from version 3.1.2, listen includes ruby_dep, that
|
|
25
|
+
# works only from Ruby 2.2.3 onwards. However eaco supports 2.0
|
|
26
|
+
# and up.
|
|
27
|
+
spec.add_development_dependency "guard", "< 2.12.7"
|
|
24
28
|
spec.add_development_dependency "yard"
|
|
25
29
|
spec.add_development_dependency "appraisal"
|
|
26
30
|
spec.add_development_dependency "rspec"
|
data/lib/eaco/acl.rb
CHANGED
data/lib/eaco/version.rb
CHANGED
data/spec/eaco/acl_spec.rb
CHANGED
|
@@ -54,16 +54,16 @@ RSpec.describe Eaco::ACL do
|
|
|
54
54
|
describe '#del' do
|
|
55
55
|
let(:designator) { Eaco::Designator.new 'test' }
|
|
56
56
|
|
|
57
|
-
|
|
57
|
+
before { acl.del(designator) }
|
|
58
58
|
|
|
59
59
|
context 'when removing non-existing permissions' do
|
|
60
60
|
let(:acl) { described_class.new }
|
|
61
|
-
it { expect(
|
|
61
|
+
it { expect(acl).to eq({}) }
|
|
62
62
|
end
|
|
63
63
|
|
|
64
64
|
context 'when removing existing permissions' do
|
|
65
65
|
let(:acl) { described_class.new(designator => :editor) }
|
|
66
|
-
it { expect(
|
|
66
|
+
it { expect(acl).to eq({}) }
|
|
67
67
|
end
|
|
68
68
|
end
|
|
69
69
|
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: eaco
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 1.0.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marcello Barnaba
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-05-05 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: bundler
|
|
@@ -56,16 +56,16 @@ dependencies:
|
|
|
56
56
|
name: guard
|
|
57
57
|
requirement: !ruby/object:Gem::Requirement
|
|
58
58
|
requirements:
|
|
59
|
-
- - "
|
|
59
|
+
- - "<"
|
|
60
60
|
- !ruby/object:Gem::Version
|
|
61
|
-
version:
|
|
61
|
+
version: 2.12.7
|
|
62
62
|
type: :development
|
|
63
63
|
prerelease: false
|
|
64
64
|
version_requirements: !ruby/object:Gem::Requirement
|
|
65
65
|
requirements:
|
|
66
|
-
- - "
|
|
66
|
+
- - "<"
|
|
67
67
|
- !ruby/object:Gem::Version
|
|
68
|
-
version:
|
|
68
|
+
version: 2.12.7
|
|
69
69
|
- !ruby/object:Gem::Dependency
|
|
70
70
|
name: yard
|
|
71
71
|
requirement: !ruby/object:Gem::Requirement
|