iq-acl 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +6 -0
- data/LICENSE +20 -0
- data/README.rdoc +51 -0
- data/Rakefile +53 -0
- data/VERSION +1 -0
- data/iq-acl.gemspec +58 -0
- data/lib/iq/acl/basic.rb +81 -0
- data/lib/iq/acl.rb +21 -0
- data/lib/iq-acl.rb +1 -0
- data/test/helper.rb +10 -0
- data/test/iq/acl_test.rb +146 -0
- metadata +97 -0
data/.gitignore
ADDED
data/LICENSE
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2009 Jamie Hill, SonicIQ Ltd.
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,51 @@
|
|
1
|
+
= IQ::ACL
|
2
|
+
|
3
|
+
This aim of this gem is to provide a series of classes to handle common ACL requirements. Currently provided is the IQ::ACL::Basic class which although super simple, is also extremely powerful. Read more about usage on the IQ::ACL::Basic page.
|
4
|
+
|
5
|
+
== Install
|
6
|
+
gem install iq-acl
|
7
|
+
|
8
|
+
== Usage
|
9
|
+
auth = IQ::ACL::Basic.new({
|
10
|
+
'*' => { 'terry' => 'r' },
|
11
|
+
'projects' => { 'jonny' => 'rw' },
|
12
|
+
'projects/private' => { 'billy' => 'rw', 'terry' => nil },
|
13
|
+
'projects/public' => { 'terry' => 'rw', '*' => 'r' }
|
14
|
+
})
|
15
|
+
|
16
|
+
auth.authorize! 'guest', 'projects' #=> raises IQ::ACL::AccessDeniedError
|
17
|
+
auth.authorize! 'jonny', 'projects' #=> 'rw'
|
18
|
+
auth.authorize! 'billy', 'projects' #=> raises IQ::ACL::AccessDeniedError
|
19
|
+
auth.authorize! 'terry', 'projects' #=> 'r'
|
20
|
+
auth.authorize! 'guest', 'projects/private' #=> raises IQ::ACL::AccessDeniedError
|
21
|
+
auth.authorize! 'jonny', 'projects/private' #=> 'rw'
|
22
|
+
auth.authorize! 'billy', 'projects/private' #=> 'rw'
|
23
|
+
auth.authorize! 'terry', 'projects/private' #=> raises IQ::ACL::AccessDeniedError
|
24
|
+
auth.authorize! 'guest', 'projects/public' #=> 'r'
|
25
|
+
auth.authorize! 'jonny', 'projects/public' #=> 'r'
|
26
|
+
auth.authorize! 'billy', 'projects/public' #=> 'r'
|
27
|
+
auth.authorize! 'terry', 'projects/public' #=> 'rw
|
28
|
+
|
29
|
+
# A block may be given to <tt>authorize!</tt> that should return true if
|
30
|
+
# the yielded rights are adequate for the user, for example the following
|
31
|
+
# will raise an IQ::ACL::AccessDeniedError as 'terry' does not have write access
|
32
|
+
# to the 'projects' path. If 'terry' had write access to the 'projects'
|
33
|
+
# path, the exception would not be thrown.
|
34
|
+
|
35
|
+
auth.authorize! 'terry', 'projects' do |rights|
|
36
|
+
rights.include?('w')
|
37
|
+
end
|
38
|
+
|
39
|
+
== Note on Patches/Pull Requests
|
40
|
+
|
41
|
+
* Fork the project.
|
42
|
+
* Make your feature addition or bug fix.
|
43
|
+
* Add tests for it. This is important so I don't break it in a
|
44
|
+
future version unintentionally.
|
45
|
+
* Commit, do not mess with rakefile, version, or history.
|
46
|
+
(if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
|
47
|
+
* Send me a pull request. Bonus points for topic branches.
|
48
|
+
|
49
|
+
== Copyright
|
50
|
+
|
51
|
+
Copyright (c) 2010 Jamie Hill, SonicIQ Ltd.. See LICENSE for details.
|
data/Rakefile
ADDED
@@ -0,0 +1,53 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'rake'
|
3
|
+
|
4
|
+
begin
|
5
|
+
require 'jeweler'
|
6
|
+
Jeweler::Tasks.new do |gem|
|
7
|
+
gem.name = "iq-acl"
|
8
|
+
gem.summary = %Q{Super simple access control.}
|
9
|
+
gem.description = %Q{IQ::ACL provides a super simple way of implementing access control.}
|
10
|
+
gem.email = "jamie@soniciq.com"
|
11
|
+
gem.homepage = "http://github.com/iq/iq-acl"
|
12
|
+
gem.authors = ["Jamie Hill, SonicIQ Ltd."]
|
13
|
+
gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
|
14
|
+
gem.add_development_dependency "yard", ">= 0"
|
15
|
+
# gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
|
16
|
+
end
|
17
|
+
Jeweler::GemcutterTasks.new
|
18
|
+
rescue LoadError
|
19
|
+
puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
|
20
|
+
end
|
21
|
+
|
22
|
+
require 'rake/testtask'
|
23
|
+
Rake::TestTask.new(:test) do |test|
|
24
|
+
test.libs << 'lib' << 'test'
|
25
|
+
test.pattern = 'test/**/*_test.rb'
|
26
|
+
test.verbose = true
|
27
|
+
end
|
28
|
+
|
29
|
+
begin
|
30
|
+
require 'rcov/rcovtask'
|
31
|
+
Rcov::RcovTask.new do |test|
|
32
|
+
test.libs << 'test'
|
33
|
+
test.pattern = 'test/**/*_test.rb'
|
34
|
+
test.verbose = true
|
35
|
+
end
|
36
|
+
rescue LoadError
|
37
|
+
task :rcov do
|
38
|
+
abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
task :test => :check_dependencies
|
43
|
+
|
44
|
+
task :default => :test
|
45
|
+
|
46
|
+
begin
|
47
|
+
require 'yard'
|
48
|
+
YARD::Rake::YardocTask.new
|
49
|
+
rescue LoadError
|
50
|
+
task :yardoc do
|
51
|
+
abort "YARD is not available. In order to run yardoc, you must: sudo gem install yard"
|
52
|
+
end
|
53
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
1.0.2
|
data/iq-acl.gemspec
ADDED
@@ -0,0 +1,58 @@
|
|
1
|
+
# Generated by jeweler
|
2
|
+
# DO NOT EDIT THIS FILE DIRECTLY
|
3
|
+
# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
|
4
|
+
# -*- encoding: utf-8 -*-
|
5
|
+
|
6
|
+
Gem::Specification.new do |s|
|
7
|
+
s.name = %q{iq-acl}
|
8
|
+
s.version = "1.0.2"
|
9
|
+
|
10
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
11
|
+
s.authors = ["Jamie Hill, SonicIQ Ltd."]
|
12
|
+
s.date = %q{2010-05-31}
|
13
|
+
s.description = %q{IQ::ACL provides a super simple way of implementing access control.}
|
14
|
+
s.email = %q{jamie@soniciq.com}
|
15
|
+
s.extra_rdoc_files = [
|
16
|
+
"LICENSE",
|
17
|
+
"README.rdoc"
|
18
|
+
]
|
19
|
+
s.files = [
|
20
|
+
".gitignore",
|
21
|
+
"LICENSE",
|
22
|
+
"README.rdoc",
|
23
|
+
"Rakefile",
|
24
|
+
"VERSION",
|
25
|
+
"iq-acl.gemspec",
|
26
|
+
"lib/iq-acl.rb",
|
27
|
+
"lib/iq/acl.rb",
|
28
|
+
"lib/iq/acl/basic.rb",
|
29
|
+
"test/helper.rb",
|
30
|
+
"test/iq/acl_test.rb"
|
31
|
+
]
|
32
|
+
s.homepage = %q{http://github.com/iq/iq-acl}
|
33
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
34
|
+
s.require_paths = ["lib"]
|
35
|
+
s.rubygems_version = %q{1.3.6}
|
36
|
+
s.summary = %q{Super simple access control.}
|
37
|
+
s.test_files = [
|
38
|
+
"test/helper.rb",
|
39
|
+
"test/iq/acl_test.rb"
|
40
|
+
]
|
41
|
+
|
42
|
+
if s.respond_to? :specification_version then
|
43
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
44
|
+
s.specification_version = 3
|
45
|
+
|
46
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
47
|
+
s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
48
|
+
s.add_development_dependency(%q<yard>, [">= 0"])
|
49
|
+
else
|
50
|
+
s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
51
|
+
s.add_dependency(%q<yard>, [">= 0"])
|
52
|
+
end
|
53
|
+
else
|
54
|
+
s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
|
55
|
+
s.add_dependency(%q<yard>, [">= 0"])
|
56
|
+
end
|
57
|
+
end
|
58
|
+
|
data/lib/iq/acl/basic.rb
ADDED
@@ -0,0 +1,81 @@
|
|
1
|
+
# This class provides a really simple way of handling access control. By simply
|
2
|
+
# supplying a hash of paths with user privileges for each of them, a powerful
|
3
|
+
# ACL system can be created. Wildcards (in this case asterisks) can be used to
|
4
|
+
# denote global rules.
|
5
|
+
#
|
6
|
+
# @example
|
7
|
+
# auth = IQ::ACL::Basic.new({
|
8
|
+
# '*' => { 'terry' => 'r' },
|
9
|
+
# 'projects' => { 'jonny' => 'rw' },
|
10
|
+
# 'projects/private' => { 'billy' => 'rw', 'terry' => nil },
|
11
|
+
# 'projects/public' => { 'terry' => 'rw', '*' => 'r' }
|
12
|
+
# })
|
13
|
+
#
|
14
|
+
# auth.authorize! 'guest', 'projects' #=> raises IQ::ACL::AccessDeniedError
|
15
|
+
# auth.authorize! 'jonny', 'projects' #=> 'rw'
|
16
|
+
# auth.authorize! 'billy', 'projects' #=> raises IQ::ACL::AccessDeniedError
|
17
|
+
# auth.authorize! 'terry', 'projects' #=> 'r'
|
18
|
+
# auth.authorize! 'guest', 'projects/private' #=> raises IQ::ACL::AccessDeniedError
|
19
|
+
# auth.authorize! 'jonny', 'projects/private' #=> 'rw'
|
20
|
+
# auth.authorize! 'billy', 'projects/private' #=> 'rw'
|
21
|
+
# auth.authorize! 'terry', 'projects/private' #=> raises IQ::ACL::AccessDeniedError
|
22
|
+
# auth.authorize! 'guest', 'projects/public' #=> 'r'
|
23
|
+
# auth.authorize! 'jonny', 'projects/public' #=> 'r'
|
24
|
+
# auth.authorize! 'billy', 'projects/public' #=> 'r'
|
25
|
+
# auth.authorize! 'terry', 'projects/public' #=> 'rw
|
26
|
+
#
|
27
|
+
# A block may be given to authorize! that should return true if the yielded
|
28
|
+
# rights are adequate for the user, for example the following will raise an
|
29
|
+
# IQ::ACL::AccessDeniedError as 'terry' does not have write access to the
|
30
|
+
# 'projects' path. If 'terry' had write access to the 'projects' path, the
|
31
|
+
# exception would not be thrown.
|
32
|
+
#
|
33
|
+
# @example
|
34
|
+
# auth.authorize! 'terry', 'projects' do |rights|
|
35
|
+
# rights.include?('w')
|
36
|
+
# end
|
37
|
+
#
|
38
|
+
class IQ::ACL::Basic
|
39
|
+
|
40
|
+
# Returns a new instance to be authenticated against.
|
41
|
+
#
|
42
|
+
# @param [Hash]
|
43
|
+
def initialize(permissions)
|
44
|
+
raise ArgumentError, 'Must supply permissions as a hash' unless permissions.is_a?(Hash)
|
45
|
+
@permissions = permissions
|
46
|
+
end
|
47
|
+
|
48
|
+
# Returns the rights that a user has for a given path. When the user has no
|
49
|
+
# access to the given path, an IQ::ACL::AccessDeniedError is raised. When a
|
50
|
+
# block is given the user rights are yielded as the block parameter and the
|
51
|
+
# block is expected to return true when the rights are sufficient.
|
52
|
+
#
|
53
|
+
# @param [String] user
|
54
|
+
# @param [String] path
|
55
|
+
#
|
56
|
+
# @return [String] the right for the given user
|
57
|
+
def authorize!(user, path)
|
58
|
+
raise ArgumentError, 'Path must be a string' unless path.is_a?(String)
|
59
|
+
|
60
|
+
segments = path.split('/')
|
61
|
+
rights = until segments.empty?
|
62
|
+
if rights = permissions[segments.join('/')]
|
63
|
+
access = rights[user] || rights['*']
|
64
|
+
access_denied! if (rights.has_key?(user) || rights.has_key?('*')) && access.nil?
|
65
|
+
break access if access
|
66
|
+
end
|
67
|
+
segments.pop
|
68
|
+
end || (global = permissions['*']) && (global[user] || global['*']) || access_denied!
|
69
|
+
|
70
|
+
access_denied! if block_given? && (yield(rights) != true)
|
71
|
+
rights
|
72
|
+
end
|
73
|
+
|
74
|
+
private
|
75
|
+
|
76
|
+
attr_reader :permissions
|
77
|
+
|
78
|
+
def access_denied!
|
79
|
+
raise IQ::ACL::AccessDeniedError, 'User does not have access to path'
|
80
|
+
end
|
81
|
+
end
|
data/lib/iq/acl.rb
ADDED
@@ -0,0 +1,21 @@
|
|
1
|
+
module IQ # :nodoc:
|
2
|
+
module ACL # :nodoc:
|
3
|
+
def self.version
|
4
|
+
VERSION::STRING
|
5
|
+
end
|
6
|
+
|
7
|
+
module VERSION #:nodoc:
|
8
|
+
MAJOR = 1
|
9
|
+
MINOR = 0
|
10
|
+
TINY = 1
|
11
|
+
|
12
|
+
STRING = [MAJOR, MINOR, TINY].join('.')
|
13
|
+
end
|
14
|
+
|
15
|
+
autoload :Basic, File.join(File.dirname(__FILE__), 'acl', 'basic')
|
16
|
+
|
17
|
+
# This error is raised when a user does not have access to a supplied path.
|
18
|
+
class AccessDeniedError < StandardError
|
19
|
+
end
|
20
|
+
end
|
21
|
+
end
|
data/lib/iq-acl.rb
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
require 'iq/acl'
|
data/test/helper.rb
ADDED
data/test/iq/acl_test.rb
ADDED
@@ -0,0 +1,146 @@
|
|
1
|
+
require File.join(File.dirname(__FILE__), '..', 'helper')
|
2
|
+
|
3
|
+
class IQ::ACLTest < Test::Unit::TestCase
|
4
|
+
context "initialize" do
|
5
|
+
should "raise when argument is not a hash" do
|
6
|
+
assert_raise(ArgumentError) { IQ::ACL::Basic.new('not a hash') }
|
7
|
+
end
|
8
|
+
|
9
|
+
should "store supplied hash in instance variable" do
|
10
|
+
assert_equal(
|
11
|
+
{ 'the' => 'permissions' }, IQ::ACL::Basic.new('the' => 'permissions').instance_variable_get('@permissions')
|
12
|
+
)
|
13
|
+
end
|
14
|
+
end
|
15
|
+
|
16
|
+
context "authorize!" do
|
17
|
+
should "respond" do
|
18
|
+
assert_respond_to IQ::ACL::Basic.new({}), :authorize!
|
19
|
+
end
|
20
|
+
|
21
|
+
should "accept username as first argument" do
|
22
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => true })
|
23
|
+
assert_nothing_raised(ArgumentError) { instance.authorize!('the user', 'the/path') }
|
24
|
+
end
|
25
|
+
|
26
|
+
should "accept path as second argument" do
|
27
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => true })
|
28
|
+
assert_nothing_raised(ArgumentError) { instance.authorize!('the user', 'the/path') }
|
29
|
+
end
|
30
|
+
|
31
|
+
should "raise when path is not a string" do
|
32
|
+
assert_raise(ArgumentError) { IQ::ACL::Basic.new({}).authorize!('the user', :not_a_string) }
|
33
|
+
end
|
34
|
+
|
35
|
+
should "raise access denied error when no match" do
|
36
|
+
assert_raise(IQ::ACL::AccessDeniedError) { IQ::ACL::Basic.new({}).authorize!('the user', 'will/not/match') }
|
37
|
+
end
|
38
|
+
|
39
|
+
should "raise when user access explicitly set to nil for given path even when a parent privilege set" do
|
40
|
+
instance = IQ::ACL::Basic.new('the' => { 'the user' => 'ok' }, 'the/path' => { 'the user' => nil })
|
41
|
+
assert_raise(IQ::ACL::AccessDeniedError) { instance.authorize!('the user', 'the/path') }
|
42
|
+
end
|
43
|
+
|
44
|
+
should "raise when user access explicitly set to nil for given path even when root global set" do
|
45
|
+
instance = IQ::ACL::Basic.new('*' => { 'the user' => 'ok' }, 'the/path' => { 'the user' => nil })
|
46
|
+
assert_raise(IQ::ACL::AccessDeniedError) { instance.authorize!('the user', 'the/path') }
|
47
|
+
end
|
48
|
+
|
49
|
+
should "raise when user access not known but global set to nil for given path even when parent privilege set" do
|
50
|
+
instance = IQ::ACL::Basic.new('the' => { 'the user' => 'ok' }, 'the/path' => { 'the user' => nil })
|
51
|
+
assert_raise(IQ::ACL::AccessDeniedError) { instance.authorize!('the user', 'the/path') }
|
52
|
+
end
|
53
|
+
|
54
|
+
should "raise when user access not known but global set to nil for given path even when root global set" do
|
55
|
+
instance = IQ::ACL::Basic.new('*' => { 'the user' => 'ok' }, 'the/path' => { '*' => nil })
|
56
|
+
assert_raise(IQ::ACL::AccessDeniedError) { instance.authorize!('the user', 'the/path') }
|
57
|
+
end
|
58
|
+
|
59
|
+
should "return result of direct match in permissions hash with path and user when available" do
|
60
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => 'the access' })
|
61
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
62
|
+
end
|
63
|
+
|
64
|
+
should "return result of direct match in permissions hash with path and user when available special case" do
|
65
|
+
instance = IQ::ACL::Basic.new('projects/rails-site.com' => { 'rails_site' => 'rw' })
|
66
|
+
assert_equal 'rw', instance.authorize!('rails_site', 'projects/rails-site.com')
|
67
|
+
end
|
68
|
+
|
69
|
+
should "return result of direct match in permissions hash with path and star user when user not found" do
|
70
|
+
instance = IQ::ACL::Basic.new('the/path' => { '*' => 'the access' })
|
71
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
72
|
+
end
|
73
|
+
|
74
|
+
should "return result of parent match in permissions hash with path and user over global user when no match" do
|
75
|
+
instance = IQ::ACL::Basic.new('the' => { 'the user' => 'the access', '*' => 'global access' })
|
76
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
77
|
+
end
|
78
|
+
|
79
|
+
should "return result of parent match in permissions hash with path and star user when user not found" do
|
80
|
+
instance = IQ::ACL::Basic.new('the' => { '*' => 'the access' })
|
81
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
82
|
+
end
|
83
|
+
|
84
|
+
should "continue down permissions tree until a match with path and user is found over global access" do
|
85
|
+
instance = IQ::ACL::Basic.new('the/long' => { 'the user' => 'the access', '*' => 'global access' })
|
86
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/long/big/nested/path')
|
87
|
+
end
|
88
|
+
|
89
|
+
should "continue down permissions tree until a match with path and star user when user not found" do
|
90
|
+
instance = IQ::ACL::Basic.new('the/long' => { '*' => 'the access' })
|
91
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/long/big/nested/path')
|
92
|
+
end
|
93
|
+
|
94
|
+
should "return result of user in star entry of permissions hash over star user when no other matches" do
|
95
|
+
instance = IQ::ACL::Basic.new('*' => { 'the user' => 'the access', '*' => 'global access' }, 'other/path' => {})
|
96
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
97
|
+
end
|
98
|
+
|
99
|
+
should "return result of star user in star entry of permissions hash when no user match" do
|
100
|
+
instance = IQ::ACL::Basic.new('*' => { '*' => 'the access' }, 'other/path' => {})
|
101
|
+
assert_equal 'the access', instance.authorize!('the user', 'the/path')
|
102
|
+
end
|
103
|
+
|
104
|
+
context "using a block" do
|
105
|
+
should "yield the user rights when block given" do
|
106
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => 'the access' })
|
107
|
+
the_rights = nil
|
108
|
+
instance.authorize!('the user', 'the/path') do |rights|
|
109
|
+
the_rights = rights
|
110
|
+
true
|
111
|
+
end
|
112
|
+
assert_equal 'the access', the_rights
|
113
|
+
end
|
114
|
+
|
115
|
+
should "raise access denied error if block evaluates to false" do
|
116
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => 'the access' })
|
117
|
+
|
118
|
+
assert_raise(IQ::ACL::AccessDeniedError) do
|
119
|
+
instance.authorize!('the user', 'the/path') do |rights|
|
120
|
+
false
|
121
|
+
end
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
should "raise access denied error if block evaluates to anything other than true" do
|
126
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => 'the access' })
|
127
|
+
|
128
|
+
assert_raise(IQ::ACL::AccessDeniedError) do
|
129
|
+
instance.authorize!('the user', 'the/path') do |rights|
|
130
|
+
'not true'
|
131
|
+
end
|
132
|
+
end
|
133
|
+
end
|
134
|
+
|
135
|
+
should "not raise access denied error when block evaluates to true" do
|
136
|
+
instance = IQ::ACL::Basic.new('the/path' => { 'the user' => 'the access' })
|
137
|
+
|
138
|
+
assert_nothing_raised(IQ::ACL::AccessDeniedError) do
|
139
|
+
instance.authorize!('the user', 'the/path') do |rights|
|
140
|
+
true
|
141
|
+
end
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
145
|
+
end
|
146
|
+
end
|
metadata
ADDED
@@ -0,0 +1,97 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: iq-acl
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
prerelease: false
|
5
|
+
segments:
|
6
|
+
- 1
|
7
|
+
- 0
|
8
|
+
- 2
|
9
|
+
version: 1.0.2
|
10
|
+
platform: ruby
|
11
|
+
authors:
|
12
|
+
- Jamie Hill, SonicIQ Ltd.
|
13
|
+
autorequire:
|
14
|
+
bindir: bin
|
15
|
+
cert_chain: []
|
16
|
+
|
17
|
+
date: 2010-05-31 00:00:00 +01:00
|
18
|
+
default_executable:
|
19
|
+
dependencies:
|
20
|
+
- !ruby/object:Gem::Dependency
|
21
|
+
name: thoughtbot-shoulda
|
22
|
+
prerelease: false
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
24
|
+
requirements:
|
25
|
+
- - ">="
|
26
|
+
- !ruby/object:Gem::Version
|
27
|
+
segments:
|
28
|
+
- 0
|
29
|
+
version: "0"
|
30
|
+
type: :development
|
31
|
+
version_requirements: *id001
|
32
|
+
- !ruby/object:Gem::Dependency
|
33
|
+
name: yard
|
34
|
+
prerelease: false
|
35
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
36
|
+
requirements:
|
37
|
+
- - ">="
|
38
|
+
- !ruby/object:Gem::Version
|
39
|
+
segments:
|
40
|
+
- 0
|
41
|
+
version: "0"
|
42
|
+
type: :development
|
43
|
+
version_requirements: *id002
|
44
|
+
description: IQ::ACL provides a super simple way of implementing access control.
|
45
|
+
email: jamie@soniciq.com
|
46
|
+
executables: []
|
47
|
+
|
48
|
+
extensions: []
|
49
|
+
|
50
|
+
extra_rdoc_files:
|
51
|
+
- LICENSE
|
52
|
+
- README.rdoc
|
53
|
+
files:
|
54
|
+
- .gitignore
|
55
|
+
- LICENSE
|
56
|
+
- README.rdoc
|
57
|
+
- Rakefile
|
58
|
+
- VERSION
|
59
|
+
- iq-acl.gemspec
|
60
|
+
- lib/iq-acl.rb
|
61
|
+
- lib/iq/acl.rb
|
62
|
+
- lib/iq/acl/basic.rb
|
63
|
+
- test/helper.rb
|
64
|
+
- test/iq/acl_test.rb
|
65
|
+
has_rdoc: true
|
66
|
+
homepage: http://github.com/iq/iq-acl
|
67
|
+
licenses: []
|
68
|
+
|
69
|
+
post_install_message:
|
70
|
+
rdoc_options:
|
71
|
+
- --charset=UTF-8
|
72
|
+
require_paths:
|
73
|
+
- lib
|
74
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
75
|
+
requirements:
|
76
|
+
- - ">="
|
77
|
+
- !ruby/object:Gem::Version
|
78
|
+
segments:
|
79
|
+
- 0
|
80
|
+
version: "0"
|
81
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
82
|
+
requirements:
|
83
|
+
- - ">="
|
84
|
+
- !ruby/object:Gem::Version
|
85
|
+
segments:
|
86
|
+
- 0
|
87
|
+
version: "0"
|
88
|
+
requirements: []
|
89
|
+
|
90
|
+
rubyforge_project:
|
91
|
+
rubygems_version: 1.3.6
|
92
|
+
signing_key:
|
93
|
+
specification_version: 3
|
94
|
+
summary: Super simple access control.
|
95
|
+
test_files:
|
96
|
+
- test/helper.rb
|
97
|
+
- test/iq/acl_test.rb
|