jakewendt-simply_authorized 1.3.6

data/lib/jakewendt-simply_authorized.rb

@@ -0,0 +1 @@
+require 'simply_authorized'

data/lib/simply_authorized.rb

@@ -0,0 +1,41 @@
+module SimplyAuthorized
+#	predefined namespace
+end
+require 'active_support'
+require 'ruby_extension'
+require 'simply_helpful'
+require 'acts_as_list'
+#require 'calnet_authenticated'
+
+require 'action_controller'	#	loads HTML
+HTML::WhiteListSanitizer.allowed_attributes.merge(%w(
+	id class style
+))
+
+%w{models controllers}.each do |dir|
+	path = File.expand_path(File.join(File.dirname(__FILE__), '../app', dir))
+	ActiveSupport::Dependencies.autoload_paths << path
+	ActiveSupport::Dependencies.autoload_once_paths << path
+end
+
+require 'simply_authorized/core_extension'
+require 'simply_authorized/user_model'
+require 'simply_authorized/authorization'
+require 'simply_authorized/helper'
+require 'simply_authorized/controller'
+require 'simply_authorized/resourceful_controller'
+require 'simply_authorized/permissive_controller'
+
+if defined?(Rails) && Rails.env == 'test' && Rails.class_variable_defined?("@@configuration")
+	require 'active_support/test_case'
+	require 'factory_girl'
+	require 'simply_authorized/factories'
+	require 'simply_authorized/factory_test_helper'
+#	else
+#		running a rake task
+end
+
+ActionController::Routing::Routes.add_configuration_file(
+	File.expand_path(
+		File.join(
+			File.dirname(__FILE__), '../config/routes.rb')))

data/lib/simply_authorized/authorization.rb

@@ -0,0 +1,68 @@
+module SimplyAuthorized
+module Authorization
+module Controller
+
+	def self.included(base)
+		base.send(:include, InstanceMethods)
+		base.alias_method_chain :method_missing, :authorization
+	end
+
+	module InstanceMethods
+
+		def auth_redirections(permission_name)
+			if respond_to?(:redirections) && 
+				redirections.is_a?(Hash) &&
+				!redirections[permission_name].blank?
+				redirections[permission_name]
+			else
+				HashWithIndifferentAccess.new
+			end
+		end
+
+		def method_missing_with_authorization(symb,*args, &block)
+			method_name = symb.to_s
+
+			if method_name =~ /^may_(not_)?(.+)_required$/
+				full_permission_name = "#{$1}#{$2}"
+				negate = !!$1		#	double bang converts to boolean
+				permission_name = $2
+				verb,target = permission_name.split(/_/,2)
+
+				#	using target words where singular == plural won't work here
+				if !target.blank? && target == target.singularize
+					unless permission = current_user.try(
+							"may_#{permission_name}?", 
+							instance_variable_get("@#{target}") 
+						)
+						message = "You don't have permission to " <<
+							"#{verb} this #{target}."
+					end
+				else
+					#	current_user may be nil so must use try and NOT send
+					unless permission = current_user.try("may_#{permission_name}?")
+						message = "You don't have permission to " <<
+							"#{permission_name.gsub(/_/,' ')}."
+					end
+				end
+
+				#	exclusive or
+				unless negate ^ permission
+					#	if message is nil, negate will be true
+					message ||= "Access denied.  May #{(negate)?'not ':''}" <<
+						"#{permission_name.gsub(/_/,' ')}."
+					ar = auth_redirections(full_permission_name)
+					access_denied(
+						(ar[:message]||message),
+						(ar[:redirect_to]||root_path||"/")
+					)
+				end
+			else
+				method_missing_without_authorization(symb, *args, &block)
+			end
+		end
+
+	end
+end	#	Controller
+end	#	Authorization
+end	#	SimplyAuthorized
+ActionController::Base.send(:include,SimplyAuthorized::Authorization::Controller)

data/lib/simply_authorized/autotest.rb

@@ -0,0 +1,26 @@
+class Autotest::Rails
+
+#
+#	Need both the mapping and the extra files
+#
+	def run_with_simply_authorized
+		add_exception %r%config/%
+		add_exception %r%versions/%
+		add_exception %r%\.git/%
+		self.extra_files << File.expand_path(File.join(
+				File.dirname(__FILE__),'/../../test/unit/authorized/'))
+
+		self.extra_files << File.expand_path(File.join(
+				File.dirname(__FILE__),'/../../test/functional/authorized/'))
+
+		add_mapping( 
+			%r{^#{File.expand_path(File.join(File.dirname(__FILE__),'/../../test/'))}/(unit|functional)/authorized/.*_test\.rb$}
+			) do |filename, _|
+			filename
+		end
+		run_without_simply_authorized
+	end
+	alias_method_chain :run, :simply_authorized
+
+
+end

data/lib/simply_authorized/controller.rb

@@ -0,0 +1,87 @@
+require 'ssl_requirement'
+module SimplyAuthorized
+module Controller
+
+	def self.included(base)
+		base.extend(ClassMethods)
+		base.send(:include, SslRequirement)
+		#	My ssl_required? overrides SslRequirement so MUST come AFTER!
+		base.send(:include, InstanceMethods)
+		base.class_eval do
+			class << self
+				alias_method_chain :inherited, :ccls_before_filters
+			end
+		end
+	end
+
+	module ClassMethods
+
+	private
+
+		def inherited_with_ccls_before_filters(base)
+			identifier = 'ccls_ensure_proper_protocol'
+			unless filter_chain.select(&:before?).map(&:identifier
+				).include?(identifier)
+				before_filter :ensure_proper_protocol,
+					:identifier => identifier
+			end
+#			identifier = 'ccls_build_menu_js'
+#			unless filter_chain.select(&:before?).map(&:identifier
+#				).include?(identifier)
+#				before_filter :build_menu_js,
+#					:identifier => identifier
+#			end
+			inherited_without_ccls_before_filters(base)
+		end
+
+	end	#	ClassMethods
+
+	module InstanceMethods
+
+	protected
+
+		def ssl_required?
+			# Force https everywhere (that doesn't have ssl_allowed set)
+			true
+		end
+
+		def redirect_to_referer_or_default(default)
+			redirect_to( session[:refer_to] || 
+				request.env["HTTP_REFERER"] || default )
+			session[:refer_to] = nil
+		end
+
+		#	Flash error message and redirect
+		def access_denied( 
+				message="You don't have permission to complete that action.", 
+				default=root_path )
+			session[:return_to] = request.request_uri unless params[:format] == 'js'
+			flash[:error] = message
+			redirect_to default
+		end
+
+#		#	The menu is on every page and this seems as the
+#		#	only way for me to force it into the application
+#		#	layout.
+#		def build_menu_js
+#			js = "" <<
+#				"if ( typeof(translatables) == 'undefined' ){\n" <<
+#				"	var translatables = [];\n" <<
+#				"}\n"
+#			Page.roots.each do |page|
+#				js << "" <<
+#					"tmp={tag:'#menu_#{dom_id(page)}',locales:{}};\n"
+#				%w( en es ).each do |locale|
+#					js << "tmp.locales['#{locale}']='#{page.menu(locale)}'\n"
+#				end
+#				js << "translatables.push(tmp);\n"
+#			end
+#			@template.content_for :head do
+#				@template.javascript_tag js
+#			end
+#		end
+
+	end	#	InstanceMethods
+end	#	Controller
+end	#	CclsEngine
+ActionController::Base.send(:include,SimplyAuthorized::Controller)

data/lib/simply_authorized/core_extension.rb

@@ -0,0 +1,16 @@
+module SimplyAuthorized
+module CoreExtension
+
+	def class_exists?(full_class_name)
+		name_spaces = full_class_name.to_s.split('::')
+		class_name = name_spaces.pop
+		name_space = name_spaces.join('::')
+		klass = ((name_space.blank?) ? Module : name_space.constantize).const_get(class_name.to_s)
+		return klass.is_a?(Class)
+	rescue NameError
+		return false
+	end
+
+end	#	CoreExtension
+end	#	SimplyAuthorized
+include SimplyAuthorized::CoreExtension

data/lib/simply_authorized/factories.rb

@@ -0,0 +1,15 @@
+Factory.define :role do |f|
+	f.sequence(:name) { |n| "name#{n}" }
+end
+
+Factory.define :user do |f|
+	f.sequence(:uid) { |n| "UID#{n}" }
+#	f.sequence(:username) { |n| "username#{n}" }
+#	f.sequence(:email) { |n| "username#{n}@example.com" }
+#	f.password 'V@1!dP@55w0rd'
+#	f.password_confirmation 'V@1!dP@55w0rd'
+#	f.role_name 'user'
+end
+Factory.define :admin_user, :parent => :user do |f|
+	f.administrator true
+end	#	parent must be defined first

data/lib/simply_authorized/factory_test_helper.rb

@@ -0,0 +1,47 @@
+module SimplyAuthorized::FactoryTestHelper
+
+	def active_user(options={})
+		u = Factory(:user, options)
+		#	leave this special save here just in case I change things.
+		#	although this would need changed for UCB CAS.
+		#	u.save_without_session_maintenance
+		#	u
+	end
+	alias_method :user, :active_user
+
+	def superuser(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('superuser')
+		u
+	end
+	alias_method :super_user, :superuser
+
+	def admin_user(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('administrator')
+		u
+	end
+	alias_method :admin, :admin_user
+	alias_method :administrator, :admin_user
+
+	def interviewer(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('interviewer')
+		u
+	end
+
+	def reader(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('reader')
+		u
+	end
+#	alias_method :employee, :reader
+
+	def editor(options={})
+		u = active_user(options)
+		u.roles << Role.find_or_create_by_name('editor')
+		u
+	end
+
+end
+ActiveSupport::TestCase.send(:include,SimplyAuthorized::FactoryTestHelper)

data/lib/simply_authorized/helper.rb

@@ -0,0 +1,28 @@
+module SimplyAuthorized
+module Helper
+
+	def user_roles
+		s = ''
+		if current_user.may_administrate?
+			s << "<ul>"
+			@roles.each do |role|
+				s << "<li>"
+				if @user.role_names.include?(role.name)
+					s << link_to( "Remove user role of '#{role.name}'", 
+						user_role_path(@user,role.name),
+						:method => :delete )
+				else
+					s << link_to( "Assign user role of '#{role.name}'", 
+						user_role_path(@user,role.name),
+						:method => :put )
+				end
+				s << "</li>\n"
+			end
+			s << "</ul>\n"
+		end
+		s
+	end
+
+end
+end
+ActionView::Base.send(:include, SimplyAuthorized::Helper)

data/lib/simply_authorized/permissive_controller.rb

@@ -0,0 +1,27 @@
+module PermissiveController
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+	module ClassMethods
+		def permissive(*args)
+			options = args.extract_options!
+			resource = ActiveSupport::ModelName.new( options[:resource] ||
+				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+#			resource = options[:resource] || ActiveSupport::ModelName.new(
+#				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+
+#	remove NameSpace or create the may*required permission
+
+			before_filter "may_create_#{resource.plural}_required",
+				:only => [:new,:create]
+			before_filter "may_read_#{resource.plural}_required",
+				:only => [:show,:index]
+			before_filter "may_update_#{resource.plural}_required",
+				:only => [:edit,:update]
+			before_filter "may_destroy_#{resource.plural}_required",
+				:only => :destroy
+
+		end
+	end
+end
+ActionController::Base.send(:include,PermissiveController)

data/lib/simply_authorized/resourceful_controller.rb

@@ -0,0 +1,83 @@
+module ResourcefulController
+	def self.included(base)
+		base.extend(ClassMethods)
+	end
+	module ClassMethods
+		def resourceful(*args)
+			options = args.extract_options!
+			resource = ActiveSupport::ModelName.new( options[:resource] ||
+				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+#			resource = options[:resource] || ActiveSupport::ModelName.new(
+#				self.model_name.split('::').last.gsub(/Controller$/,'').singularize)
+
+			permissive
+
+			before_filter :valid_id_required, 
+				:only => [:show,:edit,:update,:destroy]
+
+			#	by using before filters, the user
+			#	can still add stuff to the action.
+			before_filter :get_all, :only => :index
+			before_filter :get_new, :only => :new
+
+			define_method :destroy do
+				instance_variable_get("@#{resource.singular}").send(:destroy)
+				redirect_to send("#{resource.plural}_path")
+			end
+
+			define_method :create do
+			begin
+				instance_variable_set("@#{resource.singular}",
+					resource.constantize.send(:new,params[resource.singular]))
+				instance_variable_get("@#{resource.singular}").send(:save!)
+				flash[:notice] = 'Success!'
+				redirect_to instance_variable_get("@#{resource.singular}")
+			rescue ActiveRecord::RecordNotSaved, ActiveRecord::RecordInvalid
+				flash.now[:error] = "There was a problem creating " <<
+					"the #{resource.singular}"
+				render :action => "new"
+			end
+			end 
+
+			define_method :update do
+			begin
+				instance_variable_get("@#{resource.singular}").send(
+					:update_attributes!,params[resource.singular])
+				flash[:notice] = 'Success!'
+				redirect_to send(options[:update_redirect]||
+					"#{resource.plural}_path")
+			rescue ActiveRecord::RecordNotSaved, ActiveRecord::RecordInvalid
+				flash.now[:error] = "There was a problem updating " <<
+					"the #{resource.singular}"
+				render :action => "edit"
+			end
+			end
+
+			define_method :get_all do
+				instance_variable_set("@#{resource.plural}",
+					resource.constantize.send(:all) )
+			end
+			protected :get_all
+
+			define_method :get_new do
+				instance_variable_set("@#{resource.singular}",
+					resource.constantize.send(:new) )
+			end
+			protected :get_new
+
+			define_method :valid_id_required do
+				if( !params[:id].blank? && 
+						resource.constantize.send(:exists?,params[:id]) )
+					instance_variable_set("@#{resource.singular}",
+						resource.constantize.send(:find,params[:id]) )
+				else
+					access_denied("Valid id required!",
+						send("#{resource.plural}_path") )
+				end
+			end
+			protected :valid_id_required
+		end
+
+	end
+end
+ActionController::Base.send(:include,ResourcefulController)