langalex-totally-restful-authorization 0.0.2 → 0.0.3
Sign up to get free protection for your applications and to get access to all the features.
- data/README +8 -5
- data/VERSION +1 -1
- data/lib/totally_restful_authorization/permission_dsl.rb +6 -4
- data/test/unit/permission_dsl_test.rb +15 -1
- data/totally-restful-authorization.gemspec +2 -2
- metadata +2 -2
data/README
CHANGED
|
@@ -6,21 +6,24 @@ This plugin adds an authorization layer to your rails app that is <del>completel
|
|
|
6
6
|
How it works
|
|
7
7
|
============
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
Call _check_authorization_ in your restful controller...
|
|
10
10
|
|
|
11
11
|
class ApplicationController < ActionController::Base
|
|
12
|
-
|
|
12
|
+
check_authorization
|
|
13
13
|
end
|
|
14
14
|
|
|
15
15
|
... and then declare the permissions in your model:
|
|
16
16
|
|
|
17
17
|
class User
|
|
18
18
|
updatable_by :admin # updatable if updater.admin? return true
|
|
19
|
-
updatable_by :
|
|
20
|
-
updatable_by :
|
|
19
|
+
updatable_by :admin, :only => [:description] # only allow some attribute to be updated
|
|
20
|
+
updatable_by :self # special role self, allows the object to update itself
|
|
21
|
+
updatable_by :associated => :friend # allow user.friend to update the object
|
|
21
22
|
|
|
22
23
|
viewable_by :anyone # special role, includes nil
|
|
23
|
-
viewable_by :
|
|
24
|
+
viewable_by :admin, :condition => lambda{|user, viewer| user.non_admin? && viewer.account_activated?} # use conditions for more complex permissions
|
|
25
|
+
|
|
26
|
+
|
|
24
27
|
|
|
25
28
|
destroyable_by [:admin, :root] # declare multiple roles at once
|
|
26
29
|
end
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.0.
|
|
1
|
+
0.0.3
|
|
@@ -51,7 +51,7 @@ module TotallyRestfulAuthorization
|
|
|
51
51
|
private
|
|
52
52
|
|
|
53
53
|
def add_options(permissions, role, options)
|
|
54
|
-
if role.
|
|
54
|
+
if role.is_a?(Array)
|
|
55
55
|
role.each do |_role|
|
|
56
56
|
add_options permissions, _role, options
|
|
57
57
|
end
|
|
@@ -88,13 +88,15 @@ module TotallyRestfulAuthorization
|
|
|
88
88
|
|
|
89
89
|
def check_permission(permission, role, user, field)
|
|
90
90
|
permission.inject(false) do |result, role_options|
|
|
91
|
-
result || (
|
|
91
|
+
result || (user_has_permission(user, role) && field_in_only_list(field, role_options) &&
|
|
92
92
|
!field_in_except_list(field, role_options) && condition_met(user, role_options))
|
|
93
93
|
end
|
|
94
94
|
end
|
|
95
95
|
|
|
96
|
-
def
|
|
97
|
-
if role
|
|
96
|
+
def user_has_permission(user, role)
|
|
97
|
+
if role.is_a?(Hash)
|
|
98
|
+
self.send(role[:associated]) == user
|
|
99
|
+
elsif role == :self
|
|
98
100
|
user == self
|
|
99
101
|
elsif role == :anyone
|
|
100
102
|
true
|
|
@@ -5,6 +5,7 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
5
5
|
include TotallyRestfulAuthorization::PermissionDsl
|
|
6
6
|
end
|
|
7
7
|
|
|
8
|
+
|
|
8
9
|
def setup
|
|
9
10
|
@clazz = Model
|
|
10
11
|
@clazz.update_permissions.clear
|
|
@@ -35,6 +36,19 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
35
36
|
assert _self.updatable_by?(_self)
|
|
36
37
|
end
|
|
37
38
|
|
|
39
|
+
def test_hash_with_associated_is_interpreted_as_attributes_on_the_object
|
|
40
|
+
@clazz.class_eval do
|
|
41
|
+
attr_accessor :user
|
|
42
|
+
updatable_by(:associated => :user)
|
|
43
|
+
end
|
|
44
|
+
|
|
45
|
+
instance = @clazz.new
|
|
46
|
+
user = 'user'
|
|
47
|
+
instance.user = user
|
|
48
|
+
assert instance.updatable_by?(user)
|
|
49
|
+
assert !instance.updatable_by?('other user')
|
|
50
|
+
end
|
|
51
|
+
|
|
38
52
|
def test_special_role_anyone_is_interpreted_as_any_object
|
|
39
53
|
@clazz.send :updatable_by, :anyone
|
|
40
54
|
assert @clazz.new.updatable_by?('yet another object')
|
|
@@ -112,7 +126,7 @@ class PermissionDslTest < Test::Unit::TestCase
|
|
|
112
126
|
assert @clazz.new.destroyable_by?(stub('admin', :admin? => true))
|
|
113
127
|
end
|
|
114
128
|
|
|
115
|
-
def
|
|
129
|
+
def test_declarations_in_inherited_class_dont_interfere_with_superclass
|
|
116
130
|
@clazz2 = Class.new @clazz
|
|
117
131
|
@clazz2.send :destroyable_by, :admin
|
|
118
132
|
assert !@clazz.new.destroyable_by?(stub('admin', :admin? => true))
|
|
@@ -2,11 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
Gem::Specification.new do |s|
|
|
4
4
|
s.name = %q{totally-restful-authorization}
|
|
5
|
-
s.version = "0.0.
|
|
5
|
+
s.version = "0.0.3"
|
|
6
6
|
|
|
7
7
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
8
8
|
s.authors = ["Alexander Lang"]
|
|
9
|
-
s.date = %q{2009-06-
|
|
9
|
+
s.date = %q{2009-06-17}
|
|
10
10
|
s.email = %q{alex@upstream-berlin.com}
|
|
11
11
|
s.extra_rdoc_files = [
|
|
12
12
|
"LICENSE",
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: langalex-totally-restful-authorization
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.0.
|
|
4
|
+
version: 0.0.3
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Alexander Lang
|
|
@@ -9,7 +9,7 @@ autorequire:
|
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
11
|
|
|
12
|
-
date: 2009-06-
|
|
12
|
+
date: 2009-06-17 00:00:00 -07:00
|
|
13
13
|
default_executable:
|
|
14
14
|
dependencies: []
|
|
15
15
|
|