RubyGems - logical_authz - Versions diffs - 0.1.6 - Mend

logical_authz 0.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

data/lib/logical_authz/configuration.rb ADDED Viewed

@@ -0,0 +1,64 @@
+module LogicalAuthz
+  #These settings are all available in your configuration as:
+  #config.logical_authz.{setting}
+  class Configuration
+    class << self
+      #XXX is this redundant and confusing now?
+      def policy_helper(name, &block)
+        require 'logical_authz/access_control'
+        AccessControl::Builder.register_policy_helper(name, &block)
+      end
+      def unauthorized_groups
+        return @unauthorized_groups unless @unauthorized_groups.nil?
+        groups = unauthorized_group_names.map do |name|
+          Group.find_by_name(name)
+        end
+        if Rails.configuration.cache_classes
+          @unauthorized_groups = groups
+        end
+        return groups
+      end
+      def clear_unauthorized_groups
+        @unauthorized_groups = nil
+      end
+      def unauthorized_group_names=(array)
+        @unauthorized_group_names = array
+      end
+      def unauthorized_group_names
+        @unauthorized_group_names ||= []
+      end
+      def permission_model=(klass)
+        @perm_model = klass
+      end
+      def group_model=(klass)
+        @group_model = klass
+      end
+      def permission_model
+        @perm_model || ::Permission rescue nil
+      end
+      def group_model
+        @group_model || ::Group rescue nil
+      end
+      def debug!
+        @debug = true
+      end
+      def no_debug
+        @debug = false
+      end
+      def debugging?
+        defined? @debug and @debug
+      end
+    end
+  end
+end

data/lib/logical_authz/engine.rb ADDED Viewed

@@ -0,0 +1,18 @@
+require 'rails'
+require 'logical_authz/configuration'
+module LogicalAuthz
+  class Engine < Rails::Engine
+    generators do
+      require 'logical_authz/generator'
+      require 'logical_authz/generators/models/generator'
+      require 'logical_authz/generators/routes/generator'
+      require 'logical_authz/generators/specs/generator'
+      require 'logical_authz/generators/controllers/generator'
+    end
+    config.eager_load_paths.unshift 'app/helpers'
+    config.logical_authz = Configuration
+  end
+end

data/lib/logical_authz/generator.rb ADDED Viewed

@@ -0,0 +1,22 @@
+require 'rails/generators'
+require 'rails/generators/base'
+module LogicalAuthz
+  class LogicalAuthzGenerator < Rails::Generators::Base
+    def models
+      invoke("logical_authz:model")
+    end
+    def routes
+      invoke("logical_authz:routes")
+    end
+    def specs
+      invoke("logical_authz:specs")
+    end
+    def controllers
+      invoke("logical_authz:controller")
+    end
+  end
+end

data/lib/logical_authz/generators/controllers/generator.rb ADDED Viewed

@@ -0,0 +1,15 @@
+require 'logical_authz/generator'
+module LogicalAuthz
+  class ControllerGenerator < LogicalAuthzGenerator
+    source_paths << File::expand_path("../templates", __FILE__)
+    def create_authz_controller
+      template "app/controllers/authz_controller.rb"
+    end
+    def insert_authz_application
+      inject_into_class "app/controllers/application_controller.rb", "ApplicationController", "  include LogicalAuthz::Application\n"
+    end
+  end
+end

data/lib/logical_authz/generators/controllers/templates/app/controllers/authz_controller.rb ADDED Viewed

@@ -0,0 +1,6 @@
+class AuthzController < ApplicationController
+  unloadable
+  needs_authorization
+  admin_authorized
+end

data/lib/logical_authz/generators/models/generator.rb ADDED Viewed

@@ -0,0 +1,109 @@
+require 'logical_authz/generator'
+module LogicalAuthz
+  class ModelGenerator < LogicalAuthzGenerator
+    include Rails::Generators::Migration
+    class_option :user_class, :required => true
+    class_option :permission_class, :default => "Permission"
+    class_option :group_class, :default => "Group"
+    class_option :admin_group, :default => "Administrators"
+    no_tasks do
+      def template_data
+        @template_data ||= {
+          :user_table => options[:user_class].tableize,
+          :permission_table => options[:permission_class].tableize,
+          :group_table => options[:group_class].tableize,
+          :user_field => options[:user_class].underscore,
+          :permission_field => options[:permission_class].underscore,
+          :group_field => options[:group_class].underscore,
+        }
+      end
+      def user_class; options[:user_class]; end
+      def permission_class; options[:permission_class]; end
+      def group_class; options[:group_class]; end
+      def admin_group; options[:admin_group]; end
+      def user_table; template_data[:user_table]; end
+      def permission_table; template_data[:permission_table]; end
+      def group_table; template_data[:group_table]; end
+      def user_field; template_data[:user_field]; end
+      def permission_field; template_data[:permission_field]; end
+      def group_field; template_data[:group_field]; end
+    end
+    #Tragically, this is locked to AR right now
+    def self.next_migration_number(dirname) #:nodoc:
+      next_migration_number = current_migration_number(dirname) + 1
+      if ActiveRecord::Base.timestamped_migrations
+        [Time.now.utc.strftime("%Y%m%d%H%M%S"), "%.14d" % next_migration_number].max
+      else
+        "%.3d" % next_migration_number
+      end
+    end
+    source_paths << File::expand_path("../templates", __FILE__)
+    def generate_group_model
+      invoke "logical_authz:group_model"
+    end
+    def generate_permissions_model
+      invoke "logical_authz:permission_model"
+    end
+    def create_seeds
+      template "db/seeds_logical_authz.rb"
+      append_file "db/seeds.rb", "require 'db/seeds_logical_authz'"
+    end
+    def create_initializer
+      template "config/initializers/logical_authz.rb"
+    end
+  end
+  class GroupModelGenerator < ModelGenerator
+    def create_model
+      template "app/models/group.rb", "app/models/#{group_field}.rb"
+    end
+    def inject_habtm_groups
+      inject_into_class "app/models/#{user_field}.rb", user_class, "  has_and_belongs_to_many :#{group_table}\n"
+    end
+    def create_migration
+      dest_file = "db/migrate/create_#{group_field}.rb"
+      begin
+        migration_template "migrations/create_groups.rb", dest_file
+      rescue Rails::Generators::Error
+        say_status :exist, dest_file, :blue
+      end
+      dest_file = "db/migrate/create_#{user_table}_#{group_table}.rb"
+      begin
+        migration_template "migrations/create_users_groups.rb", dest_file
+      rescue Rails::Generators::Error
+        say_status :exist, dest_file, :blue
+      end
+    end
+  end
+  class PermissionModelGenerator < ModelGenerator
+    def create_model
+      template "app/models/permission.rb", "app/models/#{permission_field}.rb"
+    end
+    def create_migration
+      dest_file = "db/migrate/create_#{permission_field}.rb"
+      migration_template "migrations/create_permissions.rb", dest_file
+    rescue Rails::Generators::Error
+      say_status :exist, dest_file, :blue
+    end
+  end
+  #manifest.class_collisions options[:group_class],
+  #options[:permission_class]
+end

data/lib/logical_authz/generators/models/templates/app/models/group.rb ADDED Viewed

@@ -0,0 +1,33 @@
+class <%=group_class%> < ActiveRecord::Base
+  validates_presence_of :name
+  validates_uniqueness_of :name
+  attr_accessible :name
+  has_many :<%=permission_table%>
+  has_and_belongs_to_many :<%=user_table%>, :class_name => <%= user_class.inspect%>
+  alias members <%=user_table%>
+  # returns true if this group can do *action* on *controller* optional object
+  def can?(action, controller, object = nil)
+    conditions = {
+      :group => self,
+      :controller => controller,
+      :action => action,
+      :id => object.id
+    }
+    return LogicalAuthz::is_authorized?(conditions)
+  end
+  class << self
+    def admin_group
+      self.find_by_name(<%=admin_group.inspect%>)
+    end
+    def member_class
+      <%= user_class%>
+    end
+  end
+end

data/lib/logical_authz/generators/models/templates/app/models/permission.rb ADDED Viewed

@@ -0,0 +1,3 @@
+class <%=permission_class%> < ActiveRecord::Base
+  belongs_to :<%=group_field%>
+end

data/lib/logical_authz/generators/models/templates/config/initializers/logical_authz.rb ADDED Viewed

@@ -0,0 +1,20 @@
+#if you aren't using authlogic, you'll need to roll your own
+#(otherwise you'll need to emulate the contents therein somewhere)
+require 'logical_authz/authn_facade/authlogic'
+#You only need this if you want guest users to be able to do some things that
+#logged in users can't:
+#LogicalAuthz.unauthorized_group_names = %w{Guest}
+#You only need these lines if, for whatever reason, you have a models already
+#defined that colide with LogicalAuthz model names and need to rename the
+#LogicalAuthz model
+#(You can set that up by passing a switch to the generator)
+#
+<%if permission_class == "Permission"
+%>#<%end%>LogicalAuthz::set_permission_model(<%=permission_class%>)
+<%if group_class == "Group"
+%>#<%end%>LogicalAuthz::set_group_model(<%=group_class%>)

data/lib/logical_authz/generators/models/templates/db/seeds_logical_authz.rb ADDED Viewed

@@ -0,0 +1,21 @@
+#Add:
+#require 'db/logical_authz_seeds.rb'
+#to your db/seeds
+admin_group = <%=group_class%>.find_or_create_by_name(<%=admin_group.inspect%>).save!
+module LogicalAuthz
+  module PermissionSeeds
+    def self.create_permission(user, controller, action = nil, subject_id = nil)
+      <%=permission_class%>.create!(
+        :group_id => user.id,
+        :controller => controller,
+        :action => action,
+        :subject_id => subject_id
+      )
+    end
+    #Create permissions like this:
+    #create_permission(admin_group, "admin/permissions")
+  end
+end

data/lib/logical_authz/generators/models/templates/migrations/create_groups.rb ADDED Viewed

@@ -0,0 +1,12 @@
+class Create<%=group_class%> < ActiveRecord::Migration
+  def self.up
+    create_table :<%= group_table%> do |t|
+      t.string :name
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :<%=group_table%>
+  end
+end

data/lib/logical_authz/generators/models/templates/migrations/create_permissions.rb ADDED Viewed

@@ -0,0 +1,15 @@
+class Create<%= permission_class %> < ActiveRecord::Migration
+  def self.up
+    create_table :<%= permission_table%> do |t|
+      t.references :<%= group_field%>
+      t.string :controller
+      t.string :action
+      t.integer :subject_id
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :<%=permission_table%>
+  end
+end

data/lib/logical_authz/generators/models/templates/migrations/create_users_groups.rb ADDED Viewed

@@ -0,0 +1,13 @@
+class CreateUsersGroups < ActiveRecord::Migration
+  def self.up
+    create_table :<%= group_table%>_<%= user_table%>, :id => false do |t|
+      t.references :<%= user_field%>
+      t.references :<%= group_field%>
+      t.timestamps
+    end
+  end
+  def self.down
+    drop_table :<%=group_table%>_<%=user_table%>
+  end
+end

data/lib/logical_authz/generators/routes/generator.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module LogicalAuthz
+  class RoutesGenerator < LogicalAuthzGenerator
+    def add_group_user
+      route "post '/group_user' => 'groups_users#create'"
+      route "delete '/ungroup_user' => 'groups_users#destroy'"
+    end
+    def add_permissions
+      route "post '/permit' => 'permissions#create'"
+      route "delete '/permit' => 'permissions#destroy'"
+    end
+    def add_groups
+      route "resources :groups"
+    end
+    def default_unauthorized
+      route "match '/' => 'home#index', :as => :default_unauthorized"
+    end
+  end
+end

data/lib/logical_authz/generators/specs/generator.rb ADDED Viewed

@@ -0,0 +1,57 @@
+module LogicalAuthz
+  class SpecsGenerator < LogicalAuthzGenerator
+    source_paths << File::expand_path("../templates", __FILE__)
+    class_option :user_class, :required => true
+    class_option :permission_class, :default => "Permission"
+    class_option :group_class, :default => "Group"
+    no_tasks do
+      def template_data
+        @template_data ||= {
+          :user_table => options[:user_class].tableize,
+          :permission_table => options[:permission_class].tableize,
+          :group_table => options[:group_class].tableize,
+        }
+      end
+      def user_class; options[:user_class]; end
+      def permission_class; options[:permission_class]; end
+      def group_class; options[:group_class]; end
+      def admin_group; options[:admin_group]; end
+      def user_table; template_data[:user_table]; end
+      def permissions_table; template_data[:permissions_table]; end
+      def group_table; template_data[:group_table]; end
+    end
+    def create_factories
+      empty_directory "spec/factories"
+      template "spec/factories/az_accounts.rb", "spec/factories/logical_authz_#{template_data[:user_table]}.rb"
+      template "spec/factories/az_groups.rb", "spec/factories/logical_authz_#{template_data[:group_table]}.rb"
+      template "spec/factories/permissions.rb", "spec/factories/logical_authz_#{template_data[:permission_table]}.rb"
+    end
+    def create_helper_spec
+      empty_directory "spec/helpers"
+      template "spec/helpers/logical_authz_helper_spec.rb", "spec/helpers/logical_authz_helper_spec.rb"
+    end
+    def create_controller_specs
+      empty_directory "spec/controllers"
+      template "spec/controllers/permissions_controller_spec.rb", "spec/controllers/permissions_controller_spec.rb"
+      template "spec/controllers/groups_controller_spec.rb", "spec/controllers/groups_controller_spec.rb"
+      template "spec/controllers/groups_users_controller_spec.rb", "spec/controllers/groups_users_controller_spec.rb"
+    end
+    def create_support
+      empty_directory "spec/support"
+      template "spec/support/logical_authz.rb"
+      template "spec/support/mock_auth.rb"
+    end
+  end
+end

data/lib/logical_authz/generators/specs/templates/spec/controllers/groups_controller_spec.rb ADDED Viewed

@@ -0,0 +1,102 @@
+require 'spec/spec_helper'
+describe GroupsController do
+  include LogicalAuthz::MockAuth
+  def mock_group(stubs={})
+    @mock_group ||= mock_model(Group, stubs)
+  end
+  describe "logging in as non-admin" do
+    before(:each) do
+      @person = Factory.create(:authz_account)
+      login_as(@person)
+    end
+    it "should redirect away from index with an error message" do
+      pending "relocation to host app"
+      get :index
+      response.should be_redirect
+      flash[:error].should_not be_nil
+    end
+  end
+  describe "logged in as admin" do
+    before(:each) do
+      @person = login_as(Factory.create(:authz_admin))
+    end
+    describe "GET index" do
+      it "assigns all groups as @groups" do
+        Group.stub!(:all).and_return([mock_group])
+        get :index
+        controller.should be_authorized
+        assigns[:groups].should == [mock_group]
+      end
+    end
+    describe "GET show" do
+      before(:each) do
+        @group = Factory.create(:group, :name => 'foo')
+      end
+      it "should find and expose the requested group as @group" do
+        get :show, :id => @group.id
+        assigns[:group].should == @group
+      end
+    end
+    describe "POST create" do
+      describe "with valid params" do
+        it "creates a new group and assigns it as @group" do
+          lambda do
+            post :create, :group => { :name => "foo group" }
+          end.should change(Group, :count).by(1)
+          assigns[:group].name.should == "foo group"
+        end
+        it "redirects back" do
+          post :create, :group => { :name => "foo group" }
+          response.should redirect_to(groups_url)
+        end
+      end
+      describe "with invalid params" do
+        it "assigns a newly created but unsaved group as @group" do
+          pending
+          Group.stub!(:new).and_return(mock_group(:save => false))
+          lambda do
+            post :create, :group => {}
+          end.should_not change(Group).by(1)
+          assigns[:group].should_not be_nil
+        end
+        it "re-renders the 'new' template" do
+          Group.stub!(:new).and_return(mock_group(:save => false))
+          post :create, :group => {}
+          response.should render_template('new')
+        end
+      end
+    end
+    describe "DELETE destroy" do
+      # create a group for tests to operate on
+       before(:each) do
+         @group = Factory.create(:group, :name => "foo group")
+       end
+      it "deletes exactly one group" do
+        lambda do
+          delete :destroy, :id => @group.id
+        end.should change(Group, :count).by(-1)
+      end
+      it "removes the correct group" do
+        Group.find(@group.id).should_not be_nil
+        delete :destroy, :id => @group.id
+        lambda { Group.find(@group.id) }.should raise_error(ActiveRecord::RecordNotFound)
+      end
+    end
+  end
+end

data/lib/logical_authz/generators/specs/templates/spec/controllers/groups_users_controller_spec.rb ADDED Viewed

@@ -0,0 +1,47 @@
+require 'spec/spec_helper'
+describe GroupsUsersController do
+  include LogicalAuthz::MockAuth
+  before(:each) do
+    @admin = login_as( Factory.create(:authz_admin) )
+    request.env['HTTP_REFERER'] = "http://test.host/previous/page"
+    @user = Factory.create(:authz_account)
+    @user.groups.clear
+    @group = Factory.create(:group, :name => "registered")
+  end
+  it "group should exist" do
+    @group.should_not be_nil
+  end
+  describe "POST 'create'" do
+    it "should succeed" do
+      post 'create', :user_id => @user.id, :group_id => @group.id
+      response.should be_redirect
+    end
+    it "should create the association" do
+      post 'create', :user_id => @user.id, :group_id => @group.id
+      @user.reload.groups.should include(@group)
+    end
+  end
+  describe "GET 'destroy'" do
+    before(:each) do
+      @user.groups << @group
+    end
+    it "should be successful" do
+      delete 'destroy', :user_id => @user.id, :group_id => @group.id
+      response.should be_redirect
+    end
+    it "should delete the association" do
+      delete 'destroy', :user_id => @user.id, :group_id => @group.id
+      @user.reload.groups.should_not include(@group)
+    end
+    it "should not allow removing a user from all_users"
+  end
+end

data/lib/logical_authz/generators/specs/templates/spec/controllers/permissions_controller_spec.rb ADDED Viewed

@@ -0,0 +1,24 @@
+require 'spec/spec_helper'
+describe PermissionsController do
+  include LogicalAuthz::MockAuth
+  before(:each) do
+    @person = login_as(Factory.create(:authz_admin))
+    request.env["HTTP_ACCEPT"] = "application/javascript"
+    @group = Factory.create(:group)
+  end
+  describe "POST Created" do
+    it "should respond with javascript" do
+      post  :create, {
+        "permission"=> "true",
+        "group"=> @group.id,
+        "p_action"=>"show",
+        "p_controller" => "blah",
+        "object"=> 123
+      }
+      response.headers["Content-Type"].should =~ %r{/javascript}
+    end
+  end
+end

data/lib/logical_authz/generators/specs/templates/spec/factories/az_accounts.rb ADDED Viewed

@@ -0,0 +1,7 @@
+Factory.define :authz_account , :class => <%= user_class %> do |u|
+  u.name "Quentin Johnson"
+end
+Factory.define :authz_admin, :parent => :authz_account do |u|
+  u.groups {|u| [ u.association(:admin_group) ]}
+end

data/lib/logical_authz/generators/specs/templates/spec/factories/az_groups.rb ADDED Viewed

@@ -0,0 +1,7 @@
+Factory.define :group do |g|
+  g.sequence(:name) {|n| "group_#{n}"}
+end
+Factory.define :admin_group, :parent => :group do |g|
+  g.name "Administration"
+end

data/lib/logical_authz/generators/specs/templates/spec/factories/permissions.rb ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ Factory.define :permission do \|perm\|
2	+ end