id_please 0.3.3 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.rdoc +5 -5
- data/VERSION +1 -1
- data/id_please.gemspec +1 -1
- data/lib/id_please/model_extensions/for_group.rb +34 -6
- data/test/debug.log +41920 -0
- data/test/roles_test.rb +20 -0
- metadata +1 -1
data/README.rdoc
CHANGED
|
@@ -10,11 +10,11 @@ User and Groups can be the subject of a role by assigning them.. Each role has a
|
|
|
10
10
|
|
|
11
11
|
One specified name for roles is privileged (by default "Member"). If a subject is assigned to be a "Member" of another group, then when the subject is checked for whether it has a role, it checks both itself and all parent groups for whether it passes.
|
|
12
12
|
|
|
13
|
-
User: acts_as_authorization_subject
|
|
14
|
-
Group: acts_as_authorization_group
|
|
15
|
-
Assignment: acts_as_authorization_assignment
|
|
16
|
-
Role: acts_as_authorization_role
|
|
17
|
-
Object (can have roles): acts_as_authorization_object
|
|
13
|
+
* User: acts_as_authorization_subject
|
|
14
|
+
* Group: acts_as_authorization_group
|
|
15
|
+
* Assignment: acts_as_authorization_assignment
|
|
16
|
+
* Role: acts_as_authorization_role
|
|
17
|
+
* Object (can have roles): acts_as_authorization_object
|
|
18
18
|
|
|
19
19
|
|
|
20
20
|
By default, users can belong to groups, and those groups can have groups as well. This makes the checking db-query intensive (n+1 queries, where n is the number of level of parent groups for the current user). While these queries are quick, you can disable groups (and group nesting), to cut down on this. (currently not fully tested, use at own risk.)
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.4.0
|
data/id_please.gemspec
CHANGED
|
@@ -1,19 +1,47 @@
|
|
|
1
1
|
module IdPlease
|
|
2
2
|
module ModelExtensions
|
|
3
3
|
module ForGroup
|
|
4
|
+
|
|
4
5
|
def children(*args)
|
|
5
6
|
options = args.extract_options!
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
7
|
+
roles = options[:roles] || [_auth_group_role]
|
|
8
|
+
view = options[:view] || :subjects
|
|
9
|
+
|
|
10
|
+
role_hash = {}
|
|
11
|
+
subject_hash = {}
|
|
12
|
+
|
|
13
|
+
assignments = if roles == :any
|
|
14
|
+
_auth_assign_class.role_authorizable_eq(self).all(:include => [:subject, :role])
|
|
15
|
+
else
|
|
16
|
+
_auth_assign_class.role_name_eq(*roles.collect(&:to_s)).role_authorizable_eq(self).all(:include => [:subject, :role])
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
assignments.each do |a|
|
|
20
|
+
name, subject = a.role.name.to_sym, a.subject
|
|
21
|
+
role_hash.has_key?(name) ? role_hash[name] << subject : role_hash[name] = [subject]
|
|
22
|
+
subject_hash.has_key?(subject) ? subject_hash[subject] << name : subject_hash[subject] = [name]
|
|
23
|
+
|
|
24
|
+
if _auth_nested_groups == true && options[:nested] != false && subject._auth_is_group == true
|
|
25
|
+
children = subject.children
|
|
26
|
+
role_hash[name] |= children
|
|
27
|
+
children.each { |child| subject_hash.has_key?(child) ? subject_hash[child] << name : subject_hash[child] = [name]}
|
|
11
28
|
end
|
|
12
29
|
end
|
|
13
30
|
|
|
14
|
-
|
|
31
|
+
case view
|
|
32
|
+
when :subjects
|
|
33
|
+
subject_hash.keys
|
|
34
|
+
when :subject_hash
|
|
35
|
+
subject_hash
|
|
36
|
+
when :roles
|
|
37
|
+
role_hash.keys
|
|
38
|
+
when :role_hash
|
|
39
|
+
role_hash
|
|
40
|
+
end
|
|
41
|
+
|
|
15
42
|
end
|
|
16
43
|
|
|
44
|
+
|
|
17
45
|
def has_role!(role_name, object = nil)
|
|
18
46
|
if object && object.kind_of?(self.class) && role_name.to_s == _auth_group_role && self.children.include?(object)
|
|
19
47
|
raise "Attempt to make circular membership loop"
|