logical_authz 0.1.10 → 0.2.1
- data/LICENSE +21 -0
- data/README +117 -0
- data/app/controllers/groups_controller.rb +1 -1
- data/doc/README +2 -0
- data/lib/logical_authz.rb +1 -110
- data/lib/logical_authz/access_control.rb +1 -1
- data/lib/logical_authz/application.rb +11 -0
- data/lib/logical_authz/common.rb +110 -0
- data/rails/init.rb +8 -0
- data/tasks/setup_logical_authz.rake +19 -0
- metadata +131 -35
- data/config/initializers/activate.rb +0 -1
- data/spec/gem_test_suite.rb +0 -17
- data/spec/spec_helper.rb +0 -43
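--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2011 Judson Lester
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.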
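--- a/data/README
+++ b/data/README
@@ -0,0 +1,117 @@
+LogicalAuthz
+============
+
+Provides simple, fast group based Authorization facilities for Rails apps.
+
+Example
+=======
+
+class MyController
+needs_authorization :show, :index #other actions available to anyone
+#needs_authorization <- this form makes the whole controller authorized
+
+def show
+...
+end
+end
+
+in spec/controller/my_controller_spec.rb:
+
+require 'logical_authz/spec_helper'
+describe MyController do
+before do
+end
+it "should require authorization" do
+get :show
+controller.should_not be_authorized
+end
+
+describe "accessed by an authorized user" do
+before do
+login_as_authorized #whatever that means
+end
+
+it "should accept authorization" do
+controller.should be_authorized
+end
+end
+end
+
+in app/views/my_view.html.haml
+- if authorized?(:action => show)
+= show_my_url("Show")
+- else
+Show
+
+What You Get
+============
+An authorization filter for controllers
+Some handy class method DSL action to adding the filter and controlling which
+methods it applies to:
+
+needs_authorization(optional_array_of_actions) #or else the whole controller
+grant_aliases(:edit => [:update, :show]) #because if I can edit, I should be i
+#able to see it
+dynamic_authorization do |criteria|
+whatever #Allows complete control over hardcoded authorization
+end
+admin_authorized(:optional, :actions) #shortcut for "Admin is always allowed"
+
+A couple of view helpers:
+authorized?(:controller => "name", :user => current_user, :action => :edit)
+
+The fundamental authorization method:
+LogicalAuthz::is_authorized(:controller => "...", :group => "...", :action =>
+"...", :id => "...") # :user => '' will be translated in the user's groups.
+
+A set of spec matchers: authorized and forbidden.
+
+The Authorization Model
+=======================
+
+A permission related the following things: a group, a controller, an action,
+and a id. If a permission exists, it means that members of the group are
+allowed to perform the controller#action with that params[:id].
+
+id is allowed to be nil, in which case members of the group are allowed to
+perform that controller#action on any id. Very useful for Post#create for
+instance.
+
+action is allowed to be nil, in which case members of the group are allowed to
+perform any action on the controller.
+
+Getting Started
+===============
+
+script/plugin install git@github.com:LRDesign/LogicalAuthz.git
+
+script/generate logical_authz_models -u User #<= this needs to be the name of your user model
+rake logical_authz:setup #<= adds some stuff to the end of db/seeds.rb
+
+edit the migrations to align them with your project - feel free to leave it alone
+edit config/initializers/authz.rb
+edit db/seeds.rb to add:
+require 'db/logical_authz_seeds'
+... and to create any permissions you want to start with
+
+In your ApplicationController add:
+include LogicalAuthz::Application
+
+Gotchas
+=======
+
+LogicalAuthz uses flash to pass information about about authorization between
+controllers - as a result, if you're using a lazy flash display layout, you'll
+display a bunch of junk to the user. Our opinion is that you should probably
+only be automatically displaying :notice, :info, and :error to the user, but
+regardless, the flash hash is too useful to only use for displaying information
+to the user.
+
+If you don't already have a Group model, LogicalAuthz provides one. If you do,
+the generator may currently give you some headaches - the plan is to split out
+the individual models and allow some of them to be omitted. In the meantime,
+either you could generate a different group (-g) and reconcile the result, or
+remove the class_colision line from the generator.
+
+Copyright (c) 2010 Judson Lester and Logical Reality Design, released under the MIT license
+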
data/doc/README
ADDED
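--- a/data/lib/logical_authz.rb
+++ b/data/lib/logical_authz.rb
@@ -1,110 +1 @@
-require 'logical_authz/
-require 'logical_authz/application'
-require 'logical_authz/configuration'
-
-module LogicalAuthz
-PermissionSelect = "controller = :controller AND " +
-"group_id IN (:group_ids) AND " +
-"((action IS NULL AND subject_id IS NULL) OR " +
-"(action IN (:action_names) AND " +
-"(subject_id IS NULL OR subject_id = :subject_id)))"
-
-class << self
-def inspect_criteria(criteria)
-criteria.inject({}) do |hash, name_value|
-name, value = *name_value
-case value
-when ActiveRecord::Base
-hash[name] = {value.class.name => value.id}
-when ActionController::Base
-hash[name] = value.class
-else
-hash[name] = value
-end
-
-hash
-end.inspect
-end
-
-def find_controller(reference)
-klass = nil
-
-case reference
-when Class
-if LogicalAuthz::Application > reference
-klass = reference
-end
-when LogicalAuthz::Application
-klass = reference.class
-when String, Symbol
-klass_name = reference.to_s.camelize + "Controller"
-begin
-klass = klass_name.constantize
-rescue NameError
-end
-end
-
-return klass
-end
-
-def check_controller(klass, from_criteria)
-if klass.nil?
-raise "Could not determine controller class - criteria[:controller] => #{from_criteria}"
-end
-end
-
-def check_permitted(criteria)
-select_on = {
-:group_ids => criteria[:group].map {|grp| grp.id},
-:controller => criteria[:controller_path],
-:action_names => criteria[:action_aliases].map {|a| a.to_s},
-:subject_id => criteria[:id]
-}
-
-laz_debug{ "LogicalAuthz: checking permissions: #{select_on.inspect}" }
-allowed = LogicalAuthz::Configuration::permission_model.exists?([PermissionSelect, select_on])
-unless allowed
-laz_debug{ "Denied: #{select_on.inspect}"}
-else
-laz_debug{ "Allowed: #{select_on.inspect}"}
-end
-return allowed
-end
-
-
-def is_authorized?(criteria=nil, authz_record=nil)
-criteria ||= {}
-authz_record ||= {}
-authz_record.merge! :criteria => criteria, :result => nil, :reason => nil
-
-laz_debug{"LogicalAuthz: asked to authorize #{inspect_criteria(criteria)}"}
-
-controller_class = find_controller(criteria[:controller])
-
-laz_debug{"LogicalAuthz: determined controller: #{controller_class.name}"}
-
-check_controller(controller_class, criteria[:controller])
-
-unless controller_class.authorization_needed?(criteria[:action])
-laz_debug{"LogicalAuthz: controller says no authz needed."}
-authz_record.merge! :reason => :no_authorization_needed, :result => true
-else
-laz_debug{"LogicalAuthz: checking authorization"}
-
-controller_class.normalize_criteria(criteria)
-
-#TODO Fail if group unspecified and user unspecified?
-
-unless (acl_result = controller_class.check_acls(criteria, authz_record)).nil?
-authz_record[:result] = acl_result
-else
-authz_record.merge! :reason => :default, :result => controller_class.default_authorization
-end
-end
-
-laz_debug{authz_record}
-
-return authz_record[:result]
-end
-end
-end
+require 'logical_authz/engine'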
@@ -23,6 +23,17 @@ module LogicalAuthz
|
|
23
23
|
end
|
24
24
|
end
|
25
25
|
|
26
|
+
def redirect_to_last_unauthorized(message = nil)
|
27
|
+
message ||= "Login successful"
|
28
|
+
if (laz_session = session[:logical_authz]) && (unauthorized = laz_session[:unauthzd_path])
|
29
|
+
laz_debug{{:going_to_last_unauth => laz_session}.inspect}
|
30
|
+
redirect_to(unauthorized, :flash => {:success => message})
|
31
|
+
else
|
32
|
+
laz_debug{{:going_root => laz_session}.inspect}
|
33
|
+
redirect_to(:root, :flash => {:success => message})
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
26
37
|
def strip_record(record)
|
27
38
|
laz_debug{"Logical Authz: stripping: #{record.inspect}"}
|
28
39
|
{
|
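Review bot: `redirect_to_last_unauthorized` passes `laz_session[:unauthzd_path]` to `redirect_to` without clearing it from the session and without checking that it is a local path. The code that stores `:unauthzd_path` is outside this hunk, so whether it can ever hold an absolute URL cannot be confirmed here; if it is built from request data, accept only values that start with a single `/` before redirecting. Taking the value with `unauthorized = laz_session.delete(:unauthzd_path)` would also keep a later login from landing on a stale page. The two `laz_debug` lines write the whole `laz_session` hash to the log, and the method has no comment saying when callers are expected to invoke it.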
@@ -0,0 +1,110 @@
|
|
1
|
+
require 'logical_authz/access_control'
|
2
|
+
require 'logical_authz/application'
|
3
|
+
require 'logical_authz/configuration'
|
4
|
+
|
5
|
+
module LogicalAuthz
|
6
|
+
PermissionSelect = "controller = :controller AND " +
|
7
|
+
"group_id IN (:group_ids) AND " +
|
8
|
+
"((action IS NULL AND subject_id IS NULL) OR " +
|
9
|
+
"(action IN (:action_names) AND " +
|
10
|
+
"(subject_id IS NULL OR subject_id = :subject_id)))"
|
11
|
+
|
12
|
+
class << self
|
13
|
+
def inspect_criteria(criteria)
|
14
|
+
criteria.inject({}) do |hash, name_value|
|
15
|
+
name, value = *name_value
|
16
|
+
case value
|
17
|
+
when ActiveRecord::Base
|
18
|
+
hash[name] = {value.class.name => value.id}
|
19
|
+
when ActionController::Base
|
20
|
+
hash[name] = value.class
|
21
|
+
else
|
22
|
+
hash[name] = value
|
23
|
+
end
|
24
|
+
|
25
|
+
hash
|
26
|
+
end.inspect
|
27
|
+
end
|
28
|
+
|
29
|
+
def find_controller(reference)
|
30
|
+
klass = nil
|
31
|
+
|
32
|
+
case reference
|
33
|
+
when Class
|
34
|
+
if LogicalAuthz::Application > reference
|
35
|
+
klass = reference
|
36
|
+
end
|
37
|
+
when LogicalAuthz::Application
|
38
|
+
klass = reference.class
|
39
|
+
when String, Symbol
|
40
|
+
klass_name = reference.to_s.camelize + "Controller"
|
41
|
+
begin
|
42
|
+
klass = klass_name.constantize
|
43
|
+
rescue NameError
|
44
|
+
end
|
45
|
+
end
|
46
|
+
|
47
|
+
return klass
|
48
|
+
end
|
49
|
+
|
50
|
+
def check_controller(klass, from_criteria)
|
51
|
+
if klass.nil?
|
52
|
+
raise "Could not determine controller class - criteria[:controller] => #{from_criteria}"
|
53
|
+
end
|
54
|
+
end
|
55
|
+
|
56
|
+
def check_permitted(criteria)
|
57
|
+
select_on = {
|
58
|
+
:group_ids => criteria[:group].map {|grp| grp.id},
|
59
|
+
:controller => criteria[:controller_path],
|
60
|
+
:action_names => criteria[:action_aliases].map {|a| a.to_s},
|
61
|
+
:subject_id => criteria[:id]
|
62
|
+
}
|
63
|
+
|
64
|
+
laz_debug{ "LogicalAuthz: checking permissions: #{select_on.inspect}" }
|
65
|
+
allowed = LogicalAuthz::Configuration::permission_model.exists?([PermissionSelect, select_on])
|
66
|
+
unless allowed
|
67
|
+
laz_debug{ "Denied: #{select_on.inspect}"}
|
68
|
+
else
|
69
|
+
laz_debug{ "Allowed: #{select_on.inspect}"}
|
70
|
+
end
|
71
|
+
return allowed
|
72
|
+
end
|
73
|
+
|
74
|
+
|
75
|
+
def is_authorized?(criteria=nil, authz_record=nil)
|
76
|
+
criteria ||= {}
|
77
|
+
authz_record ||= {}
|
78
|
+
authz_record.merge! :criteria => criteria, :result => nil, :reason => nil
|
79
|
+
|
80
|
+
laz_debug{"LogicalAuthz: asked to authorize #{inspect_criteria(criteria)}"}
|
81
|
+
|
82
|
+
controller_class = find_controller(criteria[:controller])
|
83
|
+
|
84
|
+
laz_debug{"LogicalAuthz: determined controller: #{controller_class.name}"}
|
85
|
+
|
86
|
+
check_controller(controller_class, criteria[:controller])
|
87
|
+
|
88
|
+
unless controller_class.authorization_needed?(criteria[:action])
|
89
|
+
laz_debug{"LogicalAuthz: controller says no authz needed."}
|
90
|
+
authz_record.merge! :reason => :no_authorization_needed, :result => true
|
91
|
+
else
|
92
|
+
laz_debug{"LogicalAuthz: checking authorization"}
|
93
|
+
|
94
|
+
controller_class.normalize_criteria(criteria)
|
95
|
+
|
96
|
+
#TODO Fail if group unspecified and user unspecified?
|
97
|
+
|
98
|
+
unless (acl_result = controller_class.check_acls(criteria, authz_record)).nil?
|
99
|
+
authz_record[:result] = acl_result
|
100
|
+
else
|
101
|
+
authz_record.merge! :reason => :default, :result => controller_class.default_authorization
|
102
|
+
end
|
103
|
+
end
|
104
|
+
|
105
|
+
laz_debug{authz_record}
|
106
|
+
|
107
|
+
return authz_record[:result]
|
108
|
+
end
|
109
|
+
end
|
110
|
+
end
|
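Review bot: In `is_authorized?` the debug line `laz_debug{"LogicalAuthz: determined controller: #{controller_class.name}"}` sits before `check_controller`, so when `find_controller` returns nil and the block is evaluated the caller gets a NoMethodError instead of the intended "Could not determine controller class" error; moving `check_controller(controller_class, criteria[:controller])` above that line fixes it. `find_controller` also applies the `LogicalAuthz::Application > reference` test only in the `when Class` branch, so a String or Symbol that constantizes to a class without that module is returned and only fails later at `authorization_needed?`; running the same test on the constantized class would make it return nil consistently. The `#TODO Fail if group unspecified and user unspecified?` is still open, and `check_permitted` calls `criteria[:group].map` with no nil guard. The file header for this hunk is missing from the page (the diffstat suggests lib/logical_authz/common.rb), and the body looks moved unchanged from lib/logical_authz.rb, so these points appear to predate the release.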
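--- a/data/rails/init.rb
+++ b/data/rails/init.rb
@@ -0,0 +1,8 @@
+ActionView::Base.send :include, LogicalAuthz::Helper
+#This is maybe slightly unfriendly - we won't be offended if you delete it from
+#your local copies of the gem. A configuration is coming in a near future
+#version. When you get weird errors like "can't dup nil!" in development that
+#aren't there in production, don't blame us
+[controller_path, File::join(directory, "app", "helpers")].each do |reloaded_path|
+ActiveSupport::Dependencies::load_once_paths.delete(reloaded_path)
+end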
@@ -0,0 +1,19 @@
|
|
1
|
+
namespace :logical_authz do
|
2
|
+
task :append_seeds do
|
3
|
+
File::open(File::join(RAILS_ROOT, "db", "seeds.rb"), "a+") do |seeds_file|
|
4
|
+
seeds_file.rewind
|
5
|
+
if seeds_file.grep(/.*module PermissionSeeds.*/).empty?
|
6
|
+
puts "Appending logical_authz seeds to db/seeds.rb"
|
7
|
+
seeds_file.seek(-1, IO::SEEK_END)
|
8
|
+
|
9
|
+
File::open(File::join(File::dirname(__FILE__),
|
10
|
+
"..", "..", "db", "seeds.rb"), "r") do |src|
|
11
|
+
seeds_file.write(src.read)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
16
|
+
|
17
|
+
desc "Setup logical_authz in your application"
|
18
|
+
task :setup => [:append_seeds]
|
19
|
+
end
|
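Review bot: `seeds_file.seek(-1, IO::SEEK_END)` in `:append_seeds` raises Errno::EINVAL when db/seeds.rb is empty, which includes the case where the `"a+"` open has just created it. Because the file is opened in append mode the write goes to the end of the file whatever the current position, so the seek can be dropped. The source path `File::join(File::dirname(__FILE__), "..", "..", "db", "seeds.rb")` climbs two directories from the task file; if this file lives at tasks/ in the gem root, as the metadata file list suggests, that resolves outside the gem, and a single `".."` looks intended — worth confirming. `:append_seeds` also has no `desc`, and a line such as `desc "Append the logical_authz seed template to db/seeds.rb"` would document that the task modifies an application file.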
metadata
CHANGED
@@ -1,13 +1,13 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: logical_authz
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
hash:
|
4
|
+
hash: 21
|
5
5
|
prerelease:
|
6
6
|
segments:
|
7
7
|
- 0
|
8
|
+
- 2
|
8
9
|
- 1
|
9
|
-
|
10
|
-
version: 0.1.10
|
10
|
+
version: 0.2.1
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Judson Lester
|
@@ -15,19 +15,131 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2011-
|
18
|
+
date: 2011-06-06 00:00:00 -07:00
|
19
19
|
default_executable:
|
20
|
-
dependencies:
|
21
|
-
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: rake-gemcutter
|
23
|
+
prerelease: false
|
24
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ">="
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
hash: 27
|
30
|
+
segments:
|
31
|
+
- 0
|
32
|
+
- 1
|
33
|
+
- 0
|
34
|
+
version: 0.1.0
|
35
|
+
type: :development
|
36
|
+
version_requirements: *id001
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: hanna
|
39
|
+
prerelease: false
|
40
|
+
requirement: &id002 !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ~>
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
hash: 27
|
46
|
+
segments:
|
47
|
+
- 0
|
48
|
+
- 1
|
49
|
+
- 0
|
50
|
+
version: 0.1.0
|
51
|
+
type: :development
|
52
|
+
version_requirements: *id002
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
name: mailfactory
|
55
|
+
prerelease: false
|
56
|
+
requirement: &id003 !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
hash: 7
|
62
|
+
segments:
|
63
|
+
- 1
|
64
|
+
- 4
|
65
|
+
- 0
|
66
|
+
version: 1.4.0
|
67
|
+
type: :development
|
68
|
+
version_requirements: *id003
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rspec
|
71
|
+
prerelease: false
|
72
|
+
requirement: &id004 !ruby/object:Gem::Requirement
|
73
|
+
none: false
|
74
|
+
requirements:
|
75
|
+
- - ">="
|
76
|
+
- !ruby/object:Gem::Version
|
77
|
+
hash: 3
|
78
|
+
segments:
|
79
|
+
- 2
|
80
|
+
- 0
|
81
|
+
version: "2.0"
|
82
|
+
type: :development
|
83
|
+
version_requirements: *id004
|
84
|
+
- !ruby/object:Gem::Dependency
|
85
|
+
name: bundler
|
86
|
+
prerelease: false
|
87
|
+
requirement: &id005 !ruby/object:Gem::Requirement
|
88
|
+
none: false
|
89
|
+
requirements:
|
90
|
+
- - ~>
|
91
|
+
- !ruby/object:Gem::Version
|
92
|
+
hash: 23
|
93
|
+
segments:
|
94
|
+
- 1
|
95
|
+
- 0
|
96
|
+
- 0
|
97
|
+
version: 1.0.0
|
98
|
+
type: :development
|
99
|
+
version_requirements: *id005
|
100
|
+
- !ruby/object:Gem::Dependency
|
101
|
+
name: rcov
|
102
|
+
prerelease: false
|
103
|
+
requirement: &id006 !ruby/object:Gem::Requirement
|
104
|
+
none: false
|
105
|
+
requirements:
|
106
|
+
- - ">="
|
107
|
+
- !ruby/object:Gem::Version
|
108
|
+
hash: 3
|
109
|
+
segments:
|
110
|
+
- 0
|
111
|
+
version: "0"
|
112
|
+
type: :development
|
113
|
+
version_requirements: *id006
|
22
114
|
description: " LogicalAuthorization allows authorization in a finely grained framework, including\n ACLs and database based permissions, designed to slide into your project seamlessly.\n\n You should be able to add logical_authz to your Gemfile and add needs_authorization to\n your base controller class and be done.\n"
|
23
|
-
email:
|
115
|
+
email:
|
116
|
+
- judson@lrdesign.com
|
24
117
|
executables: []
|
25
118
|
|
26
119
|
extensions: []
|
27
120
|
|
28
|
-
extra_rdoc_files:
|
29
|
-
|
121
|
+
extra_rdoc_files:
|
122
|
+
- doc/README
|
30
123
|
files:
|
124
|
+
- LICENSE
|
125
|
+
- README
|
126
|
+
- app/views/permissions/index.html.haml
|
127
|
+
- app/views/permissions/create.rjs
|
128
|
+
- app/views/permissions/new.html.haml
|
129
|
+
- app/views/permissions/_controls.html.haml
|
130
|
+
- app/views/permissions/_form.html.haml
|
131
|
+
- app/views/permissions/edit.html.haml
|
132
|
+
- app/views/groups/index.html.haml
|
133
|
+
- app/views/groups/create.rjs
|
134
|
+
- app/views/groups/new.html.haml
|
135
|
+
- app/views/groups/_controls.html.haml
|
136
|
+
- app/views/groups/_form.html.haml
|
137
|
+
- app/views/groups/edit.html.haml
|
138
|
+
- app/views/groups/show.html.haml
|
139
|
+
- app/controllers/groups_controller.rb
|
140
|
+
- app/controllers/permissions_controller.rb
|
141
|
+
- app/controllers/groups_users_controller.rb
|
142
|
+
- app/helpers/logical_authz_helper.rb
|
31
143
|
- lib/tasks/rspec.rake
|
32
144
|
- lib/logical_authz.rb
|
33
145
|
- lib/logical_authz/configuration.rb
|
@@ -56,26 +168,11 @@ files:
|
|
56
168
|
- lib/logical_authz/generators/models/templates/migrations/create_permissions.rb
|
57
169
|
- lib/logical_authz/generators/routes/generator.rb
|
58
170
|
- lib/logical_authz/engine.rb
|
171
|
+
- lib/logical_authz/common.rb
|
59
172
|
- lib/logical_authz/access_control.rb
|
60
173
|
- lib/logical_authz/application.rb
|
61
|
-
-
|
62
|
-
-
|
63
|
-
- app/views/permissions/new.html.haml
|
64
|
-
- app/views/permissions/_controls.html.haml
|
65
|
-
- app/views/permissions/_form.html.haml
|
66
|
-
- app/views/permissions/edit.html.haml
|
67
|
-
- app/views/groups/index.html.haml
|
68
|
-
- app/views/groups/create.rjs
|
69
|
-
- app/views/groups/new.html.haml
|
70
|
-
- app/views/groups/_controls.html.haml
|
71
|
-
- app/views/groups/_form.html.haml
|
72
|
-
- app/views/groups/edit.html.haml
|
73
|
-
- app/views/groups/show.html.haml
|
74
|
-
- app/controllers/groups_controller.rb
|
75
|
-
- app/controllers/permissions_controller.rb
|
76
|
-
- app/controllers/groups_users_controller.rb
|
77
|
-
- app/helpers/logical_authz_helper.rb
|
78
|
-
- config/initializers/activate.rb
|
174
|
+
- rails/init.rb
|
175
|
+
- tasks/setup_logical_authz.rake
|
79
176
|
- generators/logical_authz_specs/logical_authz_specs_generator.rb
|
80
177
|
- generators/logical_authz/logical_authz_generator.rb
|
81
178
|
- generators/logical_authz/templates/app/views/layouts/_explain_authz.html.haml.erb
|
@@ -83,21 +180,20 @@ files:
|
|
83
180
|
- generators/logical_authz/templates/README
|
84
181
|
- generators/logical_authz_models/logical_authz_models_generator.rb
|
85
182
|
- generators/logical_authz_routes/logical_authz_routes_generator.rb
|
86
|
-
-
|
87
|
-
- spec/gem_test_suite.rb
|
183
|
+
- doc/README
|
88
184
|
has_rdoc: true
|
89
185
|
homepage: http://lrdesign.com/tools
|
90
|
-
licenses:
|
91
|
-
|
186
|
+
licenses:
|
187
|
+
- MIT
|
92
188
|
post_install_message: Another tidy package brought to you by Logical Reality Design
|
93
189
|
rdoc_options:
|
94
190
|
- --inline-source
|
95
191
|
- --main
|
96
192
|
- doc/README
|
97
193
|
- --title
|
98
|
-
- logical_authz-0.1
|
194
|
+
- logical_authz-0.2.1 RDoc
|
99
195
|
require_paths:
|
100
|
-
- lib
|
196
|
+
- lib/
|
101
197
|
required_ruby_version: !ruby/object:Gem::Requirement
|
102
198
|
none: false
|
103
199
|
requirements:
|
@@ -123,5 +219,5 @@ rubygems_version: 1.4.2
|
|
123
219
|
signing_key:
|
124
220
|
specification_version: 3
|
125
221
|
summary: Full fledged authorization, starting from one line
|
126
|
-
test_files:
|
127
|
-
|
222
|
+
test_files: []
|
223
|
+
|
@@ -1 +0,0 @@
|
|
1
|
-
require 'logical_authz'
|
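--- a/data/spec/gem_test_suite.rb
+++ b/data/spec/gem_test_suite.rb
@@ -1,17 +0,0 @@
-puts Dir::pwd
-require 'test/unit'
-begin
-require 'spec'
-rescue LoadError
-false
-end
-
-class RSpecTest < Test::Unit::TestCase
-def test_that_rspec_is_available
-assert_nothing_raised("\n\n * RSpec isn't available - please run: gem install rspec *\n\n"){ ::Spec }
-end
-
-def test_that_specs_pass
-assert(system(*%w{spec -f e -p **/*.rb spec}),"\n\n * Specs failed *\n\n")
-end
-end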
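--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -1,43 +0,0 @@
-ENV["RAILS_ENV"] ||= 'test'
-
-$" << File.expand_path(File.join(File.dirname(__FILE__), '..','..','..','..','app','controllers','authz_controller.rb'))
-
-
-require File.expand_path(File.join(File.dirname(__FILE__),'..','..','..','..','config','environment'))
-require 'spec/rails'
-require 'logical_authz/spec_helper'
-
-# Requires supporting files with custom matchers and macros, etc,
-# in ./support/ and its subdirectories.
-Dir[File.expand_path(File.join(File.dirname(__FILE__),'support','**','*.rb'))].each {|f| require f}
-
-plugin_spec_dir = File.dirname(__FILE__)
-$: << File::join(plugin_spec_dir, "spec_helper", "models")
-RSpec::Runner.configure do |config|
-# If you're not using ActiveRecord you should remove these
-# lines, delete config/database.yml and disable :active_record
-# in your config/boot.rb
-# config.use_transactional_fixtures = true
-config.use_instantiated_fixtures = true
-config.fixture_path = File::join(File.dirname(__FILE__), 'fixtures')
-config.global_fixtures = [
-:az_accounts, :groups, :permissions
-]
-end
-
-ActiveRecord::Base.logger = Logger.new(plugin_spec_dir + "/debug.log")
-
-databases = YAML::load(IO.read(plugin_spec_dir + "/db/database.yml"))
-ActiveRecord::Base.establish_connection(databases[ENV["DB"] || "sqlite3"])
-load(File.join(plugin_spec_dir, "db", "schema.rb"))
-
-require File::join(plugin_spec_dir, "mock_auth")
-require File::join(plugin_spec_dir, "routes")
-
-Dir.glob(File::join(plugin_spec_dir, "factories", "*.rb")) do |path|
-require path
-end
-
-
-Group::member_class = AzAccount
-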