ixtlan-guard 0.6.1 → 0.7.0

@@ -34,7 +34,7 @@ module Ixtlan
34
34
  def allowed_groups(resource, action, current_groups)
35
35
  allowed = @config.allowed_groups(resource, action) - blocked_groups + @superuser
36
36
  if allowed.member?('*')
37
- current_groups
37
+ current_groups - (blocked_groups - @superuser)
38
38
  else
39
39
  intersect(allowed, current_groups)
40
40
  end
@@ -43,7 +43,7 @@ module Ixtlan
43
43
  def allowed?(resource, action, current_groups, flavor = nil, &block)
44
44
  current_groups = current_groups.collect { |g| g.to_s }
45
45
  allowed_groups = self.allowed_groups(resource, action, current_groups)
46
- logger.debug { "guard #{resource}##{action}: #{allowed_groups.size > 0}" }
46
+ logger.debug { "guard #{resource}##{action}: #{allowed_groups.size > 0}" }
47
47
  if allowed_groups.size > 0
48
48
  if block
49
49
  g = allowed_groups.detect do |group|
@@ -77,8 +77,20 @@ module Ixtlan
77
77
  perm = Node.new(:permission)
78
78
  perm[:resource] = resource
79
79
  perm[:actions] = nodes
80
- defaults = intersect(current_groups, (actions.delete('defaults') || []) + @superuser)
81
- deny = perm[:deny] = defaults.size != 0
80
+ defaults = actions.delete('defaults') || []
81
+ defaults = intersect(current_groups, defaults + @superuser) unless defaults.member?('*')
82
+ # no actions
83
+ # deny = false: !defaults.member?('*')
84
+ # deny = true: defaults.member?('*') || current_groups.member?(@superuser[0])
85
+ deny = if actions.size == 0
86
+ defaults.member?('*') || current_groups.member?(@superuser[0])
87
+ else
88
+ # actions
89
+ # deny = false : defaults == []
90
+ # deny = true : defaults.member?('*')
91
+ defaults.size != 0 || defaults.member?('*')
92
+ end
93
+ perm[:deny] = deny
82
94
  actions.each do |action, groups|
83
95
  node = Node.new(:action)
84
96
  allowed_groups =
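Review bot: In the `actions.size == 0` branch the group-matched `defaults` list is no longer consulted, so a resource whose only entry is a non-wildcard `defaults` list appears to report `deny = false` even for a user in one of those groups, where the removed line (`defaults.size != 0`) reported `true`. If that change is not intended, the whole conditional can collapse to `deny = perm[:deny] = defaults.size != 0`: a list containing `'*'` is never empty, and without `'*'` the list has already been intersected with `current_groups` and `@superuser`. That also removes the redundant `|| defaults.member?('*')` in the else branch and the `@superuser[0]` test, which looks at only the first superuser group while the surrounding lines treat `@superuser` as a list. The enclosing method starts before and continues after this hunk, and `intersect` is not shown, so this assumes it returns the common elements.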
@@ -3,9 +3,7 @@ module Ixtlan
3
3
  module Guard #:nodoc:
4
4
  def self.included(base)
5
5
  base.send(:include, InstanceMethods)
6
- unless base.respond_to?(:groups_for_current_user)
7
- base.send(:include, GroupsMethod)
8
- end
6
+ base.send(:include, GroupsMethod)
9
7
  end
10
8
 
11
9
  module GroupsMethod
@@ -40,9 +38,10 @@ module Ixtlan
40
38
  end
41
39
 
42
40
  def check(flavor = nil, &block)
41
+ group_method = respond_to?(:current_user_group_names) ? :current_user_group_names : :groups_for_current_user
43
42
  unless guard.allowed?(params[:controller],
44
43
  params[:action],
45
- groups_for_current_user,
44
+ send(group_method),
46
45
  flavor,
47
46
  &block)
48
47
  if flavor
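Review bot: The `respond_to?(:current_user_group_names)` test in `check` ignores private methods (and protected ones on newer Rubies), while `send(group_method)` would call them, so a controller that declares `current_user_group_names` as a private helper silently falls through to `groups_for_current_user`. Because `GroupsMethod` is now included unconditionally, that fallback always exists and the authorization decision would be made on whatever groups it returns rather than raising. Passing the include-private flag keeps the two calls consistent: `respond_to?(:current_user_group_names, true)`. The bodies of `check` and `GroupsMethod` continue outside the hunks shown, so what the fallback returns cannot be confirmed from here.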
@@ -18,6 +18,7 @@ describe Ixtlan::Guard::GuardNG do
18
18
  subject.permissions(['unknown_group']).should == [
19
19
  #allow nothing
20
20
  {:permission=>{:resource=>"users", :actions=>[], :deny=>false}},
21
+ {:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
21
22
  {:permission=>
22
23
  {
23
24
  :resource=>"no_defaults",
@@ -36,12 +37,15 @@ describe Ixtlan::Guard::GuardNG do
36
37
  #allow nothing
37
38
  {:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
38
39
  #allow nothing
39
- {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}}]
40
+ {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
41
+ # allow anything but index
42
+ {:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}}]
40
43
  end
41
44
  it 'should deny some without defaults but wildcard "*" actions' do
42
45
  subject.permissions(['no_admin']).should == [
43
46
  #allow nothing
44
47
  {:permission=>{:resource=>"users", :actions=>[], :deny=>false}},
48
+ {:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
45
49
  {:permission=>
46
50
  {
47
51
  :resource=>"no_defaults",
@@ -63,20 +67,25 @@ describe Ixtlan::Guard::GuardNG do
63
67
  #allow nothing
64
68
  {:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
65
69
  #allow nothing
66
- {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}}]
70
+ {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
71
+ # allow anything but index
72
+ {:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}}]
67
73
  end
68
74
  it 'should allow "root"' do
69
75
  subject.permissions(['root']).should == [
70
76
  {:permission=>{:resource=>"users", :actions=>[], :deny=>true}},
77
+ {:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
71
78
  {:permission=>{:resource=>"no_defaults", :actions=>[], :deny=>true}},
72
79
  {:permission=>{:resource=>"defaults", :actions=>[], :deny=>true}},
73
80
  {:permission=>{:resource=>"person", :actions=>[], :deny=>true}},
74
- {:permission=>{:resource=>"accounts", :actions=>[], :deny=>true}}]
81
+ {:permission=>{:resource=>"accounts", :actions=>[], :deny=>true}},
82
+ {:permission=>{:resource=>"allow_all_defaults", :actions=>[], :deny=>true}}]
75
83
  end
76
84
  it 'should allow with default group' do
77
85
  subject.permissions(['_master']).should == [
78
86
  #allow nothing
79
87
  {:permission=>{:resource=>"users", :actions=>[], :deny=>false}},
88
+ {:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
80
89
  {:permission=>
81
90
  {
82
91
  :resource=>"no_defaults",
@@ -96,12 +105,15 @@ describe Ixtlan::Guard::GuardNG do
96
105
  #allow nothing
97
106
  {:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
98
107
  #allow nothing
99
- {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}}]
108
+ {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
109
+ # allow anything but index
110
+ {:permission=>{:resource=>"allow_all_defaults", :actions=>[{:action=>{:name=>"index"}}], :deny=>true}}]
100
111
  end
101
112
  it 'should allow with non-default group' do
102
113
  subject.permissions(['_admin']).should == [
103
114
  #allow nothing
104
115
  {:permission=>{:resource=>"users", :actions=>[], :deny=>false}},
116
+ {:permission=>{:resource=>"only_defaults", :actions=>[], :deny=>true}},
105
117
  {:permission=>
106
118
  {
107
119
  :resource=>"no_defaults",
@@ -122,7 +134,9 @@ describe Ixtlan::Guard::GuardNG do
122
134
  #allow nothing
123
135
  {:permission=>{:resource=>"person", :actions=>[], :deny=>false}},
124
136
  #allow nothing
125
- {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}}]
137
+ {:permission=>{:resource=>"accounts", :actions=>[], :deny=>false}},
138
+ # allow anything but index
139
+ {:permission=>{:resource=>"allow_all_defaults", :actions=>[], :deny=>true}}]
126
140
  end
127
141
  end
128
142
 
@@ -29,17 +29,22 @@ describe Ixtlan::Guard::GuardNG do
29
29
  end
30
30
 
31
31
  it 'should pass "allow all groups" with user with any groups' do
32
- subject.allowed?(:users, :index, [:any]).should be_true
32
+ subject.allowed?(:users, :index, [:any_possible_group]).should be_true
33
+ subject.allowed?(:only_defaults, :index, [:any_possible_group]).should be_true
33
34
  end
34
35
 
35
36
  it 'should pass' do
36
37
  subject.allowed?(:users, :update, [:users]).should be_true
38
+ subject.allowed?(:only_defaults, :update, [:users]).should be_true
39
+ subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
37
40
  end
38
41
 
39
42
  it 'should not pass with user when in blocked group' do
40
43
  subject.block_groups([:users])
41
44
  begin
42
45
  subject.allowed?(:users, :update, [:users]).should be_false
46
+ subject.allowed?(:only_defaults, :update, [:users]).should be_false
47
+ subject.allowed?(:allow_all_defaults, :update, [:users]).should be_false
43
48
  ensure
44
49
  subject.block_groups([])
45
50
  end
@@ -49,6 +54,8 @@ describe Ixtlan::Guard::GuardNG do
49
54
  subject.block_groups([:accounts])
50
55
  begin
51
56
  subject.allowed?(:users, :update, [:users]).should be_true
57
+ subject.allowed?(:only_defaults, :update, [:users]).should be_true
58
+ subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
52
59
  ensure
53
60
  subject.block_groups([])
54
61
  end
@@ -58,6 +65,8 @@ describe Ixtlan::Guard::GuardNG do
58
65
  subject.block_groups([:root])
59
66
  begin
60
67
  subject.allowed?(:users, :update, [:root]).should be_true
68
+ subject.allowed?(:only_defaults, :update, [:root]).should be_true
69
+ subject.allowed?(:allow_all_defaults, :update, [:root]).should be_true
61
70
  ensure
62
71
  subject.block_groups([])
63
72
  end
@@ -65,10 +74,13 @@ describe Ixtlan::Guard::GuardNG do
65
74
 
66
75
  it 'should not pass' do
67
76
  subject.allowed?(:users, :update, [:accounts]).should be_false
77
+ subject.allowed?(:allow_all_defaults, :index, [:users]).should be_false
68
78
  end
69
79
 
70
80
  it 'should should use defaults on unknown action' do
71
81
  subject.allowed?(:users, :unknow, [:users]).should be_true
82
+ subject.allowed?(:only_defaults, :unknow, [:users]).should be_true
83
+ subject.allowed?(:allow_all_defaults, :update, [:users]).should be_true
72
84
  end
73
85
 
74
86
  it 'should pass with right group and allowed flavor' do
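Review bot: The line added to 'should should use defaults on unknown action' for `:allow_all_defaults` passes `:update`, which repeats the assertion already added under 'should pass' and never exercises an unknown action on that resource; `subject.allowed?(:allow_all_defaults, :unknow, [:users]).should be_true` would match the neighbouring lines. The blocked-group examples also pass a single group only, so the new wildcard path is not checked for a user who belongs to both a blocked and a non-blocked group. An example such as `subject.allowed?(:only_defaults, :update, [:users, :accounts])` with `:users` blocked would pin down whichever result is intended.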
@@ -0,0 +1,3 @@
1
+ allow_all_defaults:
2
+ defaults: [*, and_something_else_which_does_matter]
3
+ index: [_admin]
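Review bot: The bare `*` in `defaults: [*, and_something_else_which_does_matter]` is YAML's alias indicator, so stricter parsers (Psych, for one) reject it as an alias with no name instead of reading the string `"*"`; quoting it, `defaults: ['*', and_something_else_which_does_matter]`, loads the same under any parser. The same line appears in the other four new fixture sections that follow. Several of those sections repeat the same top-level key with a different or missing `index` entry, and the metadata file list shows `~` editor-backup copies being packaged, so it is worth checking that only the intended fixtures ship.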
@@ -0,0 +1,3 @@
1
+ allow_all_defaults:
2
+ defaults: [*, and_something_else_which_does_matter]
3
+ index: [admin]
@@ -0,0 +1,3 @@
1
+ only_defaults:
2
+ defaults: [*, and_something_else_which_does_matter]
3
+ index: [admin]
@@ -0,0 +1,2 @@
1
+ only_defaults:
2
+ defaults: [*, and_something_else_which_does_matter]
@@ -0,0 +1,3 @@
1
+ only_defaults:
2
+ defaults: [*, and_something_else_which_does_matter]
3
+ index: [admin]
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: ixtlan-guard
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.6.1
5
+ version: 0.7.0
6
6
  platform: ruby
7
7
  authors:
8
8
  - mkristian
@@ -10,7 +10,7 @@ autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
12
 
13
- date: 2011-10-16 00:00:00 +05:30
13
+ date: 2011-11-04 00:00:00 +05:30
14
14
  default_executable:
15
15
  dependencies:
16
16
  - !ruby/object:Gem::Dependency
@@ -21,7 +21,7 @@ dependencies:
21
21
  requirements:
22
22
  - - ~>
23
23
  - !ruby/object:Gem::Version
24
- version: 0.6.0
24
+ version: 0.7.0
25
25
  type: :runtime
26
26
  version_requirements: *id001
27
27
  - !ruby/object:Gem::Dependency
@@ -140,8 +140,11 @@ files:
140
140
  - spec/guards/accounts1_guard.yml~
141
141
  - spec/guards/users_guard.yml
142
142
  - spec/guards/users2_guard.yml
143
+ - spec/guards/only_defaults_guard.yml
144
+ - spec/guards/allow_alldefaults.yml~
143
145
  - spec/guards/accounts2_guard.yml~
144
146
  - spec/guards/users2_guard.yml~
147
+ - spec/guards/only_defaults_guard.yml~
145
148
  - spec/guards/users_guard.yml~
146
149
  - spec/guards/users1_guard.yml~
147
150
  - spec/guards/tools_guard.yml~
@@ -151,6 +154,8 @@ files:
151
154
  - spec/guards/person_guard.yml
152
155
  - spec/guards/accounts_guard.yml
153
156
  - spec/guards/no_defaults_guard.yml~
157
+ - spec/guards/allow_all_defaults_guard.yml
158
+ - spec/guards/allow_all_defaults_guard.yml~
154
159
  - spec/guards/defaults_guard.yml~
155
160
  - features/step_definitions/ruby_maven.rb
156
161
  - features/step_definitions/simple_steps.rb