ixtlan-guard 0.7.0 → 0.7.2
Sign up to get free protection for your applications and to get access to all the features.
- data/features/generators.feature +0 -10
- data/features/step_definitions/simple_steps.rb +1 -82
- data/lib/ixtlan/guard/guard_ng.rb +77 -76
- data/lib/ixtlan/guard/guard_rails.rb +8 -8
- data/lib/ixtlan/guard/railtie.rb +1 -1
- data/spec/guard_cache_spec.rb +1 -1
- data/spec/guard_export_spec.rb +118 -90
- data/spec/guard_spec.rb +1 -16
- data/spec/guard_with_associations_spec.rb +114 -0
- data/spec/guard_with_associations_spec.rb~ +106 -0
- data/spec/guards/allow_all_defaults_guard.yml +1 -1
- data/spec/guards/defaults_guard.yml +1 -1
- data/spec/guards/no_defaults_guard.yml +1 -1
- data/spec/guards/only_defaults_guard.yml +1 -1
- data/spec/guards/regions_guard.yml +8 -0
- data/spec/guards/regions_guard.yml~ +2 -0
- data/spec/guards/users_guard.yml +1 -1
- metadata +8 -24
- data/lib/generators/active_record/templates/flavor_migration.rb +0 -13
- data/lib/generators/active_record/templates/flavor_model.rb +0 -8
- data/lib/generators/active_record/templates/group_model.rb +0 -43
- data/lib/generators/active_record/templates/group_user_migration.rb +0 -13
- data/lib/generators/active_record/templates/user_model.rb +0 -124
- data/lib/generators/active_record/user_management_models_generator.rb +0 -202
- data/lib/generators/erb/user_management_controller_generator.rb +0 -10
- data/lib/generators/ixtlan/maintenance_scaffold/USAGE +0 -8
- data/lib/generators/ixtlan/maintenance_scaffold/maintenance_scaffold_generator.rb +0 -40
- data/lib/generators/ixtlan/permissions_scaffold/USAGE +0 -8
- data/lib/generators/ixtlan/permissions_scaffold/permissions_scaffold_generator.rb +0 -33
- data/lib/generators/ixtlan/user_management_controller/USAGE +0 -8
- data/lib/generators/ixtlan/user_management_controller/user_management_controller_generator.rb +0 -23
- data/lib/generators/ixtlan/user_management_models/USAGE +0 -8
- data/lib/generators/ixtlan/user_management_models/user_management_models_generator.rb +0 -19
- data/lib/generators/ixtlan/user_management_scaffold/user_management_scaffold_generator.rb +0 -13
- data/lib/ixtlan/guard/controllers/maintenance_controller.rb +0 -45
- data/lib/ixtlan/guard/controllers/permissions_controller.rb +0 -41
- data/lib/ixtlan/guard/models/maintenance.rb +0 -55
- data/lib/ixtlan/guard/models/user_update_manager.rb +0 -95
- data/lib/ixtlan/guard/spec/user_management_models_spec.rb +0 -193
data/spec/guard_spec.rb
CHANGED
@@ -7,7 +7,7 @@ describe Ixtlan::Guard::GuardNG do
|
|
7
7
|
subject do
|
8
8
|
logger = Logger.new(STDOUT)
|
9
9
|
def logger.debug(&block)
|
10
|
-
info("\n\t[debug] " + block.call)
|
10
|
+
#info("\n\t[debug] " + block.call)
|
11
11
|
end
|
12
12
|
Ixtlan::Guard::GuardNG.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
13
13
|
end
|
@@ -83,19 +83,4 @@ describe Ixtlan::Guard::GuardNG do
|
|
83
83
|
subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
|
84
84
|
end
|
85
85
|
|
86
|
-
it 'should pass with right group and allowed flavor' do
|
87
|
-
subject.allowed?(:users, :update, [:users], :example){ |g| [:example]}.should be_true
|
88
|
-
end
|
89
|
-
|
90
|
-
it 'should not pass with wrong group but allowed flavor' do
|
91
|
-
subject.allowed?(:users, :update, [:accounts], :example){ |g| [:example]}.should be_false
|
92
|
-
end
|
93
|
-
|
94
|
-
it 'should not pass with wrong group but disallowed flavor' do
|
95
|
-
subject.allowed?(:users, :update, [:accounts], :example){ |g| []}.should be_false
|
96
|
-
end
|
97
|
-
|
98
|
-
it 'should not pass with right group and disallowed flavor' do
|
99
|
-
subject.allowed?(:users, :update, [:users], :example){ |g| []}.should be_false
|
100
|
-
end
|
101
86
|
end
|
@@ -0,0 +1,114 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard_ng'
|
3
|
+
require 'logger'
|
4
|
+
|
5
|
+
class Group
|
6
|
+
|
7
|
+
attr_accessor :name, :domains
|
8
|
+
|
9
|
+
def initialize(name, *domains)
|
10
|
+
@name = name
|
11
|
+
@domains = domains.flatten
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
describe Ixtlan::Guard::GuardNG do
|
16
|
+
|
17
|
+
subject do
|
18
|
+
logger = Logger.new(STDOUT)
|
19
|
+
def logger.debug(&block)
|
20
|
+
# info("\n\t[debug] " + block.call)
|
21
|
+
end
|
22
|
+
Ixtlan::Guard::GuardNG.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
23
|
+
end
|
24
|
+
|
25
|
+
it 'should pass without association without block' do
|
26
|
+
subject.allowed?(:users, :update, [Group.new(:users)]).should be_true
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'should deny without association with block' do
|
30
|
+
subject.allowed?(:users, :update, [Group.new(:users)]){}.should be_false
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'should deny with association without block' do
|
34
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :manager).should be_false
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'should pass with matching association with block' do
|
38
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :manager) do |group, association|
|
39
|
+
group.domains.detect {|d| d == association.to_s }
|
40
|
+
end.should be_false
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'should fail with mismatching association with block' do
|
44
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :nomanager) do |group, association|
|
45
|
+
group.domains.detect {|d| d == association }
|
46
|
+
end.should be_false
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'should add associations to node' do
|
50
|
+
subject.permissions([Group.new('admin', [:german, :french])]) do |resource, action, groups|
|
51
|
+
if groups && groups.first && groups.first.name == 'admin'
|
52
|
+
{ :domains => groups.first.domains }
|
53
|
+
else
|
54
|
+
{}
|
55
|
+
end
|
56
|
+
end.sort { |m,n| m[:resource] <=> n[:resource]}.should ==
|
57
|
+
[{
|
58
|
+
:permission=>{
|
59
|
+
:resource=>"accounts",
|
60
|
+
:actions=>[{:action=>{
|
61
|
+
:name=>"destroy",
|
62
|
+
:domains=>[:german, :french]}}],
|
63
|
+
:deny=>false}},
|
64
|
+
{
|
65
|
+
:permission=>{
|
66
|
+
:resource=>"allow_all_defaults",
|
67
|
+
:actions=>[{:action=>{:name=>"index"}}],
|
68
|
+
:deny=>true,
|
69
|
+
:domains=>[:german, :french]}},
|
70
|
+
{
|
71
|
+
:permission=>{
|
72
|
+
:resource=>"defaults",
|
73
|
+
:actions=>[{:action=>{
|
74
|
+
:name=>"index",
|
75
|
+
:domains=>[:german, :french]}}],
|
76
|
+
:deny=>false}},
|
77
|
+
{
|
78
|
+
:permission=>{
|
79
|
+
:resource=>"no_defaults",
|
80
|
+
:actions=>[{:action=>{
|
81
|
+
:name=>"index",
|
82
|
+
:domains=>[:german, :french]}}],
|
83
|
+
:deny=>false}},
|
84
|
+
{
|
85
|
+
:permission=>{
|
86
|
+
:resource=>"only_defaults",
|
87
|
+
:domains=>[:german, :french],
|
88
|
+
:actions=>[],
|
89
|
+
:deny=>true}},
|
90
|
+
{
|
91
|
+
:permission=>{
|
92
|
+
:resource=>"person",
|
93
|
+
:actions=> [{:action=>{
|
94
|
+
:name=>"destroy",
|
95
|
+
:domains=>[:german, :french]}},
|
96
|
+
{:action=>{
|
97
|
+
:name=>"index",
|
98
|
+
:domains=>[:german, :french]}}],
|
99
|
+
:deny=>false}},
|
100
|
+
{
|
101
|
+
:permission=>{
|
102
|
+
:resource=>"regions",
|
103
|
+
:actions=>[
|
104
|
+
{:action=>{:name=>"show", :domains=>[:german, :french]}},
|
105
|
+
{:action=>{:name=>"create", :domains=>[:german, :french]}}
|
106
|
+
],
|
107
|
+
:deny=>false}},
|
108
|
+
{
|
109
|
+
:permission=>{
|
110
|
+
:resource=>"users",
|
111
|
+
:actions=>[],
|
112
|
+
:deny=>false}}]
|
113
|
+
end
|
114
|
+
end
|
@@ -0,0 +1,106 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'ixtlan/guard/guard_ng'
|
3
|
+
require 'logger'
|
4
|
+
|
5
|
+
class Group
|
6
|
+
|
7
|
+
attr_accessor :name, :domains
|
8
|
+
|
9
|
+
def initialize(name, *domains)
|
10
|
+
@name = name
|
11
|
+
@domains = domains.flatten
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
describe Ixtlan::Guard::GuardNG do
|
16
|
+
|
17
|
+
subject do
|
18
|
+
logger = Logger.new(STDOUT)
|
19
|
+
def logger.debug(&block)
|
20
|
+
info("\n\t[debug] " + block.call)
|
21
|
+
end
|
22
|
+
Ixtlan::Guard::GuardNG.new(:guards_dir => File.join(File.dirname(__FILE__), "guards"), :logger => logger )
|
23
|
+
end
|
24
|
+
|
25
|
+
it 'should pass without association without block' do
|
26
|
+
subject.allowed?(:users, :update, [Group.new(:users)]).should be_true
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'should deny without association with block' do
|
30
|
+
subject.allowed?(:users, :update, [Group.new(:users)]){}.should be_false
|
31
|
+
end
|
32
|
+
|
33
|
+
it 'should deny with association without block' do
|
34
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :manager).should be_false
|
35
|
+
end
|
36
|
+
|
37
|
+
it 'should pass with matching association with block' do
|
38
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :manager) do |group, association|
|
39
|
+
group.domains.detect {|d| d == association.to_s }
|
40
|
+
end.should be_false
|
41
|
+
end
|
42
|
+
|
43
|
+
it 'should fail with mismatching association with block' do
|
44
|
+
subject.allowed?(:users, :update, [Group.new(:users, :manager)], :nomanager) do |group, association|
|
45
|
+
group.domains.detect {|d| d == association }
|
46
|
+
end.should be_false
|
47
|
+
end
|
48
|
+
|
49
|
+
it 'should add associations to node' do
|
50
|
+
subject.permissions([Group.new('admin', [:german, :french])]) do |groups|
|
51
|
+
if groups && groups.first && groups.first.name == 'admin'
|
52
|
+
{ :domains => groups.first.domains }
|
53
|
+
else
|
54
|
+
{}
|
55
|
+
end
|
56
|
+
end.should ==
|
57
|
+
[{
|
58
|
+
:permission=>{
|
59
|
+
:resource=>"person",
|
60
|
+
:actions=> [{:action=>{
|
61
|
+
:domains=>[:german, :french],
|
62
|
+
:name=>"destroy"}},
|
63
|
+
{:action=>{
|
64
|
+
:domains=>[:german, :french],
|
65
|
+
:name=>"index"}}],
|
66
|
+
:deny=>false}},
|
67
|
+
{
|
68
|
+
:permission=>{
|
69
|
+
:resource=>"accounts",
|
70
|
+
:actions=>[{:action=>{
|
71
|
+
:domains=>[:german, :french],
|
72
|
+
:name=>"destroy"}}],
|
73
|
+
:deny=>false}},
|
74
|
+
{
|
75
|
+
:permission=>{
|
76
|
+
:resource=>"defaults",
|
77
|
+
:actions=>[{:action=>{
|
78
|
+
:domains=>[:german, :french],
|
79
|
+
:name=>"index"}}],
|
80
|
+
:deny=>false}},
|
81
|
+
{
|
82
|
+
:permission=>{
|
83
|
+
:resource=>"no_defaults",
|
84
|
+
:actions=>[{:action=>{
|
85
|
+
:domains=>[:german, :french],
|
86
|
+
:name=>"index"}}],
|
87
|
+
:deny=>false}},
|
88
|
+
{
|
89
|
+
:permission=>{
|
90
|
+
:resource=>"users",
|
91
|
+
:actions=>[],
|
92
|
+
:deny=>false}},
|
93
|
+
{
|
94
|
+
:permission=>{
|
95
|
+
:resource=>"only_defaults",
|
96
|
+
:domains=>[:german, :french],
|
97
|
+
:actions=>[],
|
98
|
+
:deny=>true}},
|
99
|
+
{
|
100
|
+
:permission=>{
|
101
|
+
:resource=>"allow_all_defaults",
|
102
|
+
:domains=>[:german, :french],
|
103
|
+
:actions=>[{:action=>{:name=>"index"}}],
|
104
|
+
:deny=>true}}]
|
105
|
+
end
|
106
|
+
end
|
@@ -1,2 +1,2 @@
|
|
1
1
|
only_defaults:
|
2
|
-
defaults: [
|
2
|
+
defaults: ['*', and_something_else_which_does_matter]
|
data/spec/guards/users_guard.yml
CHANGED
metadata
CHANGED
@@ -2,7 +2,7 @@
|
|
2
2
|
name: ixtlan-guard
|
3
3
|
version: !ruby/object:Gem::Version
|
4
4
|
prerelease:
|
5
|
-
version: 0.7.
|
5
|
+
version: 0.7.2
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
8
8
|
- mkristian
|
@@ -10,7 +10,7 @@ autorequire:
|
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
12
|
|
13
|
-
date:
|
13
|
+
date: 2012-02-02 00:00:00 +05:30
|
14
14
|
default_executable:
|
15
15
|
dependencies:
|
16
16
|
- !ruby/object:Gem::Dependency
|
@@ -76,7 +76,7 @@ dependencies:
|
|
76
76
|
requirements:
|
77
77
|
- - "="
|
78
78
|
- !ruby/object:Gem::Version
|
79
|
-
version:
|
79
|
+
version: 3.0.3.0.28.5
|
80
80
|
type: :development
|
81
81
|
version_requirements: *id006
|
82
82
|
description: simple authorization framework for rails controllers
|
@@ -91,7 +91,6 @@ extra_rdoc_files: []
|
|
91
91
|
files:
|
92
92
|
- MIT-LICENSE
|
93
93
|
- lib/ixtlan-guard.rb
|
94
|
-
- lib/generators/erb/user_management_controller_generator.rb
|
95
94
|
- lib/generators/guard/controller/USAGE
|
96
95
|
- lib/generators/guard/controller/controller_generator.rb
|
97
96
|
- lib/generators/guard/controller/controller_generator.rb~
|
@@ -99,21 +98,6 @@ files:
|
|
99
98
|
- lib/generators/guard/scaffold/scaffold_generator.rb
|
100
99
|
- lib/generators/guard/templates/guard.yml
|
101
100
|
- lib/generators/guard/templates/guard.yml~
|
102
|
-
- lib/generators/ixtlan/user_management_scaffold/user_management_scaffold_generator.rb
|
103
|
-
- lib/generators/ixtlan/user_management_controller/USAGE
|
104
|
-
- lib/generators/ixtlan/user_management_controller/user_management_controller_generator.rb
|
105
|
-
- lib/generators/ixtlan/maintenance_scaffold/USAGE
|
106
|
-
- lib/generators/ixtlan/maintenance_scaffold/maintenance_scaffold_generator.rb
|
107
|
-
- lib/generators/ixtlan/permissions_scaffold/USAGE
|
108
|
-
- lib/generators/ixtlan/permissions_scaffold/permissions_scaffold_generator.rb
|
109
|
-
- lib/generators/ixtlan/user_management_models/user_management_models_generator.rb
|
110
|
-
- lib/generators/ixtlan/user_management_models/USAGE
|
111
|
-
- lib/generators/active_record/user_management_models_generator.rb
|
112
|
-
- lib/generators/active_record/templates/user_model.rb
|
113
|
-
- lib/generators/active_record/templates/group_model.rb
|
114
|
-
- lib/generators/active_record/templates/flavor_migration.rb
|
115
|
-
- lib/generators/active_record/templates/group_user_migration.rb
|
116
|
-
- lib/generators/active_record/templates/flavor_model.rb
|
117
101
|
- lib/ixtlan/guard.rb
|
118
102
|
- lib/ixtlan/guard/abstract_session.rb
|
119
103
|
- lib/ixtlan/guard/abstract_session.rb~
|
@@ -125,12 +109,9 @@ files:
|
|
125
109
|
- lib/ixtlan/guard/guard_rails.rb
|
126
110
|
- lib/ixtlan/guard/guard_config.rb~
|
127
111
|
- lib/ixtlan/guard/railtie.rb
|
128
|
-
- lib/ixtlan/guard/controllers/maintenance_controller.rb
|
129
|
-
- lib/ixtlan/guard/controllers/permissions_controller.rb
|
130
|
-
- lib/ixtlan/guard/spec/user_management_models_spec.rb
|
131
|
-
- lib/ixtlan/guard/models/maintenance.rb
|
132
|
-
- lib/ixtlan/guard/models/user_update_manager.rb
|
133
112
|
- spec/guard_export_spec.rb~
|
113
|
+
- spec/guard_with_associations_spec.rb
|
114
|
+
- spec/guard_with_associations_spec.rb~
|
134
115
|
- spec/guard_export_spec.rb
|
135
116
|
- spec/spec_helper.rb
|
136
117
|
- spec/guard_cache_spec.rb
|
@@ -149,11 +130,13 @@ files:
|
|
149
130
|
- spec/guards/users1_guard.yml~
|
150
131
|
- spec/guards/tools_guard.yml~
|
151
132
|
- spec/guards/no_defaults_guard.yml
|
133
|
+
- spec/guards/regions_guard.yml~
|
152
134
|
- spec/guards/defaults_guard.yml
|
153
135
|
- spec/guards/users1_guard.yml
|
154
136
|
- spec/guards/person_guard.yml
|
155
137
|
- spec/guards/accounts_guard.yml
|
156
138
|
- spec/guards/no_defaults_guard.yml~
|
139
|
+
- spec/guards/regions_guard.yml
|
157
140
|
- spec/guards/allow_all_defaults_guard.yml
|
158
141
|
- spec/guards/allow_all_defaults_guard.yml~
|
159
142
|
- spec/guards/defaults_guard.yml~
|
@@ -189,6 +172,7 @@ signing_key:
|
|
189
172
|
specification_version: 3
|
190
173
|
summary: guard your controller actions
|
191
174
|
test_files:
|
175
|
+
- spec/guard_with_associations_spec.rb
|
192
176
|
- spec/guard_export_spec.rb
|
193
177
|
- spec/guard_cache_spec.rb
|
194
178
|
- spec/guard_spec.rb
|
@@ -1,13 +0,0 @@
|
|
1
|
-
class Create<%= association_name.camelize %> < ActiveRecord::Migration
|
2
|
-
def self.up
|
3
|
-
create_table :<%= association_name %>, :id => false, :force => true do |t|
|
4
|
-
<% [file_name, group_name, user_name].sort.each do |name| -%>
|
5
|
-
t.integer :<%= name %>_id
|
6
|
-
<% end -%>
|
7
|
-
end
|
8
|
-
end
|
9
|
-
|
10
|
-
def self.down
|
11
|
-
drop_table :<%= association_name %>
|
12
|
-
end
|
13
|
-
end
|
@@ -1,8 +0,0 @@
|
|
1
|
-
class <%= association_class_name(plural_name) %> < <%= parent_class_name.classify %>
|
2
|
-
<% attributes.select {|attr| attr.reference? }.each do |attribute| -%>
|
3
|
-
belongs_to :<%= attribute.name %>
|
4
|
-
<% end -%>
|
5
|
-
<% [name, group_name, user_name].sort.each do |ref_name| -%>
|
6
|
-
belongs_to :<%= ref_name %>
|
7
|
-
<% end -%>
|
8
|
-
end
|
@@ -1,43 +0,0 @@
|
|
1
|
-
class <%= group_class_name %> < <%= parent_class_name.classify %>
|
2
|
-
<% attributes.select {|attr| attr.reference? }.each do |attribute| -%>
|
3
|
-
belongs_to :<%= attribute.name %>
|
4
|
-
<% end -%>
|
5
|
-
|
6
|
-
has_and_belongs_to_many :<%= plural_user_name %>
|
7
|
-
|
8
|
-
ROOT = 'root'
|
9
|
-
ADMIN = 'admin'
|
10
|
-
|
11
|
-
def self.admin_group
|
12
|
-
find_by_<%= attributes.first.name %>(ADMIN)
|
13
|
-
end
|
14
|
-
|
15
|
-
def self.root_group
|
16
|
-
find_by_<%= attributes.first.name %>(ROOT)
|
17
|
-
end
|
18
|
-
|
19
|
-
def admin?
|
20
|
-
<%= attributes.first.name %> == ADMIN
|
21
|
-
end
|
22
|
-
|
23
|
-
def root?
|
24
|
-
<%= attributes.first.name %> == ROOT
|
25
|
-
end
|
26
|
-
|
27
|
-
def self.get(id_or_<%= attributes.first.name %>_or_<%= file_name %>)
|
28
|
-
case id_or_<%= attributes.first.name %>_or_<%= file_name %>
|
29
|
-
when Fixnum
|
30
|
-
find(id_or_<%= attributes.first.name %>_or_<%= file_name %>)
|
31
|
-
when String
|
32
|
-
find_by_<%= attributes.first.name %>(id_or_<%= attributes.first.name %>_or_<%= file_name %>)
|
33
|
-
when Symbol
|
34
|
-
find_by_<%= attributes.first.name %>(id_or_<%= attributes.first.name %>_or_<%= file_name %>.to_s)
|
35
|
-
else
|
36
|
-
id_or_<%= attributes.first.name %>_or_<%= file_name %>
|
37
|
-
end
|
38
|
-
end
|
39
|
-
|
40
|
-
def to_name
|
41
|
-
<%= group_field_name %>
|
42
|
-
end
|
43
|
-
end
|