langalex-totally-restful-authorization 0.0.2 → 0.0.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README +8 -5
- data/VERSION +1 -1
- data/lib/totally_restful_authorization/permission_dsl.rb +6 -4
- data/test/unit/permission_dsl_test.rb +15 -1
- data/totally-restful-authorization.gemspec +2 -2
- metadata +2 -2
data/README
CHANGED
|
@@ -6,21 +6,24 @@ This plugin adds an authorization layer to your rails app that is <del>completel
|
|
|
6
6
|
How it works
|
|
7
7
|
============
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
Call _check_authorization_ in your restful controller...
|
|
10
10
|
|
|
11
11
|
class ApplicationController < ActionController::Base
|
|
12
|
-
|
|
12
|
+
check_authorization
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
... and then declare the permissions in your model:
|
|
16
16
|
|
|
17
17
|
class User
|
|
18
18
|
updatable_by :admin # updatable if updater.admin? return true
|
|
19
|
-
updatable_by :
|
|
20
|
-
updatable_by :
|
|
19
|
+
updatable_by :admin, :only => [:description] # only allow some attribute to be updated
|
|
20
|
+
updatable_by :self # special role self, allows the object to update itself
|
|
21
|
+
updatable_by :associated => :friend # allow user.friend to update the object
|
|
21
22
|
|
|
22
23
|
viewable_by :anyone # special role, includes nil
|
|
23
|
-
viewable_by :
|
|
24
|
+
viewable_by :admin, :condition => lambda{|user, viewer| user.non_admin? && viewer.account_activated?} # use conditions for more complex permissions
|
|
25
|
+
|
|
26
|
+
|
|
24
27
|
|
|
25
28
|
destroyable_by [:admin, :root] # declare multiple roles at once
|
|
26
29
|
end
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.3
|
|
@@ -51,7 +51,7 @@ module TotallyRestfulAuthorization
|
|
|
51
51
|
private
|
|
52
52
|
|
|
53
53
|
def add_options(permissions, role, options)
|
|
54
|
-
if role.
|
|
54
|
+
if role.is_a?(Array)
|
|
55
55
|
role.each do |_role|
|
|
56
56
|
add_options permissions, _role, options
|
|
57
57
|
end
|
|
@@ -88,13 +88,15 @@ module TotallyRestfulAuthorization
|
|
|
88
88
|
|
|
89
89
|
def check_permission(permission, role, user, field)
|
|
90
90
|
permission.inject(false) do |result, role_options|
|
|
91
|
-
result || (
|
|
91
|
+
result || (user_has_permission(user, role) && field_in_only_list(field, role_options) &&
|
|
92
92
|
!field_in_except_list(field, role_options) && condition_met(user, role_options))
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
-
def
|
|
97
|
-
if role
|
|
96
|
+
def user_has_permission(user, role)
|
|
97
|
+
if role.is_a?(Hash)
|
|
98
|
+
self.send(role[:associated]) == user
|
|
99
|
+
elsif role == :self
|
|
98
100
|
user == self
|
|
99
101
|
elsif role == :anyone
|
|
100
102
|
true
|
|
@@ -5,6 +5,7 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
5
5
|
include TotallyRestfulAuthorization::PermissionDsl
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
|
|
8
9
|
def setup
|
|
9
10
|
@clazz = Model
|
|
10
11
|
@clazz.update_permissions.clear
|
|
@@ -35,6 +36,19 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
35
36
|
assert _self.updatable_by?(_self)
|
|
36
37
|
end
|
|
37
38
|
|
|
39
|
+
def test_hash_with_associated_is_interpreted_as_attributes_on_the_object
|
|
40
|
+
@clazz.class_eval do
|
|
41
|
+
attr_accessor :user
|
|
42
|
+
updatable_by(:associated => :user)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
instance = @clazz.new
|
|
46
|
+
user = 'user'
|
|
47
|
+
instance.user = user
|
|
48
|
+
assert instance.updatable_by?(user)
|
|
49
|
+
assert !instance.updatable_by?('other user')
|
|
50
|
+
end
|
|
51
|
+
|
|
38
52
|
def test_special_role_anyone_is_interpreted_as_any_object
|
|
39
53
|
@clazz.send :updatable_by, :anyone
|
|
40
54
|
assert @clazz.new.updatable_by?('yet another object')
|
|
@@ -112,7 +126,7 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
112
126
|
assert @clazz.new.destroyable_by?(stub('admin', :admin? => true))
|
|
113
127
|
end
|
|
114
128
|
|
|
115
|
-
def
|
|
129
|
+
def test_declarations_in_inherited_class_dont_interfere_with_superclass
|
|
116
130
|
@clazz2 = Class.new @clazz
|
|
117
131
|
@clazz2.send :destroyable_by, :admin
|
|
118
132
|
assert !@clazz.new.destroyable_by?(stub('admin', :admin? => true))
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = %q{totally-restful-authorization}
|
|
5
|
-
s.version = "0.0.
|
|
5
|
+
s.version = "0.0.3"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Alexander Lang"]
|
|
9
|
-
s.date = %q{2009-06-
|
|
9
|
+
s.date = %q{2009-06-17}
|
|
10
10
|
s.email = %q{alex@upstream-berlin.com}
|
|
11
11
|
s.extra_rdoc_files = [
|
|
12
12
|
"LICENSE",
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: langalex-totally-restful-authorization
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexander Lang
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-06-
|
|
12
|
+
date: 2009-06-17 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|