mongoid_acl 0.0.2 → 0.0.3
- data/LICENSE.md +14 -0
- data/README.md +64 -0
- data/lib/mongoid_acl/acl.rb +15 -0
- data/lib/mongoid_acl/integration.rb +13 -0
- data/lib/mongoid_acl/methods.rb +91 -0
- data/lib/mongoid_acl/version.rb +5 -0
- data/lib/mongoid_acl.rb +3 -0
- data/spec/models/post.rb +11 -0
- data/spec/models/user.rb +5 -0
- data/spec/mongoid_acl/acl_spec.rb +45 -0
- data/spec/spec_helper.rb +28 -0
- metadata +26 -11
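--- a/data/LICENSE.md
+++ b/data/LICENSE.md
@@ -0,0 +1,14 @@
+# Mongoid::ACL
+Copyright 2011 Niels Vandekeybus <progster@gmail.com>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.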
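--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,64 @@
+Mongoid::ACL
+===============
+mongoid_acl allows you to easily add access control lists to your Mongoid::Document objects. This implementation assumes you need to check acl's when loading an object, it's not efficient if you want to retrieve all the objects an actor has rights on.
+
+Installation
+------------
+To install add the following line to your gemfile (requires recent version of bundler)
+
+gem 'mongoid_acl', :hg => 'https://bitbucket.org/nielsv/mongoid_acl'
+
+After that, remember to run “bundle install”
+
+Usage
+-----
+An example mongoid document object that on creation automatically adds permissions for the user it belongs to.
+
+class Comment
+include Mongoid::Document
+include Mongoid::ACL
+field :text
+
+belongs_to :user
+
+set_callback(:create,:after) do |comment|
+comment.can_manage!(self.user_id)
+end
+end
+
+class User
+include Mongoid::Document
+
+field :name
+end
+
+A quick example using the classes above
+
+user_a = User.create(:name => "user a",:_id => "a")
+comment_1 = Comment.create(:text => 'some text',:user_id => user_a.id)
+
+comment_1.can_read?(user_a)
+>> true
+comment_1.can_update?(user_a)
+>> true
+
+comment_1.can_destroy?(user_a)
+>> true
+
+user_b = User.create(:name => "user b",:_id => "b")
+comment_1.can_destroy?(user_b)
+>> false
+
+comment_1.can_update?(user_b)
+>> false
+
+comment_1.can_update!(user_b)
+
+comment_1.can_update?(user_b)
+>> true
+
+
+Credits
+-------
+(c) 2011 Niels Vandekeybus
+Licensed under the apache license, version 2.0 (see LICENSE.md for details)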
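--- a/data/lib/mongoid_acl/acl.rb
+++ b/data/lib/mongoid_acl/acl.rb
@@ -0,0 +1,15 @@
+module Mongoid
+module ACL
+extend ActiveSupport::Concern
+READ_PERM = 'read'
+UPDATE_PERM = 'update'
+DESTROY_PERM ='destroy'
+
+PUBLIC_IDENTIFIER = '__PUBLIC__'
+
+included do
+include Mongoid::ACL::Methods
+include Mongoid::ACL::Integration
+end
+end
+end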
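Review bot: `PUBLIC_IDENTIFIER = '__PUBLIC__'` is a wildcard that lives in the same namespace as ordinary actor identifiers, and nothing at its definition says so. The permission check in methods.rb treats a list containing this string as matching every actor, so a caller that forwards an externally supplied identifier to the grant methods could open an object to everyone without intending to. A comment on the constant would make that contract visible, for example `# Wildcard entry: a permission list containing this value matches every actor; never accept it as an actor identifier from outside.` Freezing the four string constants (`'read'.freeze` and so on) would also keep them from being mutated at runtime.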
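--- a/data/lib/mongoid_acl/methods.rb
+++ b/data/lib/mongoid_acl/methods.rb
@@ -0,0 +1,91 @@
+module Mongoid
+module ACL
+module Methods
+extend ActiveSupport::Concern
+
+module InstanceMethods
+# check if an actor with identifier has read permission (Mongoid::ACL::READ_PERM) on this object
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_read?(identifier)
+self.has_permission_for(Mongoid::ACL::READ_PERM,identifier)
+end
+
+# check if an actor with identifier has the update permission (Mongoid::ACL::UPDATE_PERM) on this object
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_update?(identifier)
+self.has_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
+
+end
+
+# check if an actor with identifier has the destroy permission (Mongoid::ACL::DESTROY_PERM) on this object
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_destroy?(identifier)
+self.has_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
+end
+
+# quickly check whether an actor has the read,update and destroy permission on this object
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_manage?(identifier)
+can_read?(identifier) && can_update?(identifier) && can_destroy?(identifier)
+end
+
+# quickly add read permission for this actor
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_read!(identifier)
+self.add_permission_for(Mongoid::ACL::READ_PERM,identifier)
+end
+
+# quickly add update permission for this actor
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_update!(identifier)
+self.add_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
+end
+
+# quickly add destroy permission for this actor
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_destroy!(identifier)
+self.add_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
+end
+
+
+# quickly add read,update and destroy permission for this actor
+# @param [String] identifier of the actor
+# @return [Boolean]
+def can_manage!(identifier)
+self.add_permission_for([Mongoid::ACL::READ_PERM,Mongoid::ACL::UPDATE_PERM,Mongoid::ACL::DESTROY_PERM],identifier)
+end
+
+# add identifier(s) to the given permission(s) in the acl list of this object
+# @param [Array,String] permission
+# @param [Array,String] identifier
+# @returns [Boolean]
+def add_permission_for(permission,identifier)
+if identifier.kind_of?(Array)
+identifier = {"$each" => identifier}
+end
+if permission.kind_of?(Array)
+hash_map = Hash.new
+permission.each{ |p| hash_map["acls.#{p}"] = identifier}
+else
+hash_map = {"acls.#{permission}" => identifier}
+end
+return self.collection.update({"_id" => self.id}, {"$addToSet" => hash_map })
+end
+
+
+def has_permission_for(permission,identifier)
+return false if self.acls.nil?
+self.acls[permission].include?(PUBLIC_IDENTIFIER) || self.acls[permission].include?(identifier)
+end
+
+end
+end
+end
+end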
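Review bot: `has_permission_for` raises `NoMethodError` instead of denying when `acls` is present but holds no list for the requested permission, for example `can_update?` on a document that has only received `can_read!`; the `nil?` guard covers only a missing `acls` field. Read the list once with a default, `granted = self.acls[permission] || []`, then return `granted.include?(PUBLIC_IDENTIFIER) || granted.include?(identifier)`, so an absent entry is an explicit deny rather than an exception that callers may rescue inconsistently. `add_permission_for` also returns whatever `collection.update` returns, not the documented Boolean, and nothing in this hunk refreshes the in-memory `acls`, so a check on the same instance right after a grant presumably reads stale data (the spec reloads with `Post.find` first). The method's doc tag is spelled `@returns` where the others use `@return`, and `has_permission_for` has no doc comment at all.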
data/lib/mongoid_acl.rb
ADDED
data/spec/models/post.rb
ADDED
data/spec/models/user.rb
ADDED
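--- a/data/spec/mongoid_acl/acl_spec.rb
+++ b/data/spec/mongoid_acl/acl_spec.rb
@@ -0,0 +1,45 @@
+require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')
+
+describe Mongoid::ACL do
+
+before :all do
+@post1 = Post.create!(:title => 'post1')
+@post2 = Post.create!(:title => 'post2')
+@user1 = User.create!(:name => 'user1')
+@user2 = User.create!(:name => 'user2')
+end
+
+context "no acls assigned" do
+it 'validates that after create no acls are present' do
+@post1.acls.should == nil
+@post2.acls.should == nil
+end
+
+end
+context 'user1 can manage post1' do
+before :all do
+@post1.can_manage!(@user1.id)
+@post1 = Post.find(@post1.id)
+end
+
+it 'has the necessary acls' do
+@post1.should be_is_a Post
+@post1.should_not be_new_record
+
+@post1.acls.should == {
+Mongoid::ACL::READ_PERM => [@user1.id],
+Mongoid::ACL::UPDATE_PERM => [@user1.id],
+Mongoid::ACL::DESTROY_PERM => [@user1.id]
+}
+end
+
+it 'validates user1 can manage post1' do
+@post1.can_manage?(@user1.id).should == true
+end
+
+it 'validates user2 can not manage post1' do
+@post1.can_manage?(@user2.id).should == false
+end
+end
+
+end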
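Review bot: The only denial case exercised is `can_manage?(@user2.id)` against a document whose three permission lists are all populated, so two paths of the permission check go untested: a document granted a single permission, and the `PUBLIC_IDENTIFIER` wildcard. Add an example that calls `@post2.can_read!(@user1.id)`, reloads the post, and expects `can_update?(@user1.id)` to be `false`, and another that grants `Mongoid::ACL::PUBLIC_IDENTIFIER` and expects `can_read?(@user2.id)` to be `true`. The shared `before :all` state also means the "no acls assigned" context only passes if it runs before the second context mutates `@post1`.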
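--- a/data/spec/spec_helper.rb
+++ b/data/spec/spec_helper.rb
@@ -0,0 +1,28 @@
+require 'rubygems'
+require 'bundler'
+Bundler.setup
+
+require 'mongoid'
+
+Mongoid.configure do |config|
+name = 'mongoid_acl_test'
+host = 'localhost'
+config.master = Mongo::Connection.new.db(name)
+config.autocreate_indexes = true
+end
+
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+
+
+require 'mongoid_acl'
+require 'rspec'
+require 'rspec/autorun'
+
+models_folder = File.join(File.dirname(__FILE__), 'models')
+Dir[ File.join(models_folder, '*.rb') ].each { |file|
+require file.sub('.rb','')
+file_name = File.basename(file).sub('.rb', '')
+klass = file_name.classify.constantize
+klass.collection.drop
+}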
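Review bot: `host = 'localhost'` is assigned inside the `Mongoid.configure` block but never used; `Mongo::Connection.new` is called with no arguments, so the target server is whatever the driver defaults to. Because the loop at the end of the file calls `klass.collection.drop` for every model as soon as the helper loads, the connection should be pinned explicitly, `config.master = Mongo::Connection.new(host).db(name)`. `file.sub('.rb','')` also replaces the first `.rb` anywhere in the path rather than only the extension; `File.basename(file, '.rb')` is the safer way to derive the class name.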
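--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mongoid_acl
 version: !ruby/object:Gem::Version
-version: 0.0.
+version: 0.0.3
 prerelease:
 platform: ruby
 authors:
@@ -13,7 +13,7 @@ date: 2011-12-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: rspec
-requirement: &
+requirement: &2152720440 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -21,10 +21,10 @@ dependencies:
 version: '2.5'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152720440
 - !ruby/object:Gem::Dependency
 name: mongoid
-requirement: &
+requirement: &2152719420 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -32,10 +32,10 @@ dependencies:
 version: '2.2'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152719420
 - !ruby/object:Gem::Dependency
 name: bson_ext
-requirement: &
+requirement: &2152718760 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ~>
@@ -43,10 +43,10 @@ dependencies:
 version: '1.3'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152718760
 - !ruby/object:Gem::Dependency
 name: rake
-requirement: &
+requirement: &2152718140 !ruby/object:Gem::Requirement
 none: false
 requirements:
 - - ! '>='
@@ -54,14 +54,25 @@ dependencies:
 version: '0'
 type: :development
 prerelease: false
-version_requirements: *
+version_requirements: *2152718140
 description: Add basic Access Control Lists to Mongoid documents. Optimized for speed
 by using only ONE request to MongoDB to validate, update, and retrieve updated data.
 email: progster@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
-files:
+files:
+- lib/mongoid_acl/acl.rb
+- lib/mongoid_acl/integration.rb
+- lib/mongoid_acl/methods.rb
+- lib/mongoid_acl/version.rb
+- lib/mongoid_acl.rb
+- LICENSE.md
+- README.md
+- spec/models/post.rb
+- spec/models/user.rb
+- spec/mongoid_acl/acl_spec.rb
+- spec/spec_helper.rb
 homepage: https://bitbucket.org/nielsv/mongoid_acl
 licenses: []
 post_install_message:
@@ -86,4 +97,8 @@ rubygems_version: 1.8.12
 signing_key:
 specification_version: 3
 summary: Add basic Access Control Lists to Mongoid documents
-test_files:
+test_files:
+- spec/models/post.rb
+- spec/models/user.rb
+- spec/mongoid_acl/acl_spec.rb
+- spec/spec_helper.rb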