mongoid_acl 0.0.3 → 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +5 -1
- data/lib/mongoid_acl/methods.rb +62 -9
- data/lib/mongoid_acl/version.rb +1 -1
- data/spec/mongoid_acl/acl_spec.rb +20 -1
- metadata +9 -9
data/README.md
CHANGED
@@ -4,7 +4,11 @@ mongoid_acl allows you to easily add access control lists to your Mongoid::Docum
|
|
4
4
|
|
5
5
|
Installation
|
6
6
|
------------
|
7
|
-
To install add the following line to your gemfile
|
7
|
+
To install add the following line to your gemfile
|
8
|
+
|
9
|
+
gem 'mongoid_acl'
|
10
|
+
|
11
|
+
If you're living on the edge and are using bundler 1.1, try the master branch
|
8
12
|
|
9
13
|
gem 'mongoid_acl', :hg => 'https://bitbucket.org/nielsv/mongoid_acl'
|
10
14
|
|
data/lib/mongoid_acl/methods.rb
CHANGED
@@ -36,37 +36,73 @@ module Mongoid
|
|
36
36
|
# quickly add read permission for this actor
|
37
37
|
# @param [String] identifier of the actor
|
38
38
|
# @return [Boolean]
|
39
|
-
def
|
40
|
-
self.
|
39
|
+
def grant_read!(identifier)
|
40
|
+
self.grant_permission_to(Mongoid::ACL::READ_PERM,identifier)
|
41
41
|
end
|
42
42
|
|
43
43
|
# quickly add update permission for this actor
|
44
44
|
# @param [String] identifier of the actor
|
45
45
|
# @return [Boolean]
|
46
|
-
def
|
47
|
-
self.
|
46
|
+
def grant_update!(identifier)
|
47
|
+
self.grant_permission_to(Mongoid::ACL::UPDATE_PERM,identifier)
|
48
48
|
end
|
49
49
|
|
50
50
|
# quickly add destroy permission for this actor
|
51
51
|
# @param [String] identifier of the actor
|
52
52
|
# @return [Boolean]
|
53
|
-
def
|
54
|
-
self.
|
53
|
+
def grant_destroy!(identifier)
|
54
|
+
self.grant_permission_to(Mongoid::ACL::DESTROY_PERM,identifier)
|
55
55
|
end
|
56
56
|
|
57
57
|
|
58
58
|
# quickly add read,update and destroy permission for this actor
|
59
59
|
# @param [String] identifier of the actor
|
60
60
|
# @return [Boolean]
|
61
|
-
def
|
62
|
-
self.
|
61
|
+
def grant_manage!(identifier)
|
62
|
+
self.grant_permission_to([Mongoid::ACL::READ_PERM,Mongoid::ACL::UPDATE_PERM,Mongoid::ACL::DESTROY_PERM],identifier)
|
63
63
|
end
|
64
64
|
|
65
|
+
# quickly remove read permission for this actor
|
66
|
+
# @param [String] identifier of the actor
|
67
|
+
# @return [Boolean]
|
68
|
+
def revoke_read(identifier)
|
69
|
+
self.revoke_permission_for(Mongoid::ACL::READ_PERM,identifier)
|
70
|
+
end
|
71
|
+
|
72
|
+
# quickly remove update permission for this actor
|
73
|
+
# @param [String] identifier of the actor
|
74
|
+
# @return [Boolean]
|
75
|
+
def revoke_update!(identifier)
|
76
|
+
self.revoke_permission_for(Mongoid::ACL::UPDATE_PERM,identifier)
|
77
|
+
end
|
78
|
+
|
79
|
+
# quickly remove destroy permission for this actor
|
80
|
+
# @param [String] identifier of the actor
|
81
|
+
# @return [Boolean]
|
82
|
+
def revoke_destroy!(identifier)
|
83
|
+
self.revoke_permission_for(Mongoid::ACL::DESTROY_PERM,identifier)
|
84
|
+
end
|
85
|
+
|
86
|
+
|
87
|
+
# quickly remove read,update and destroy permission for this actor
|
88
|
+
# @param [String] identifier of the actor
|
89
|
+
# @return [Boolean]
|
90
|
+
def revoke_manage!(identifier)
|
91
|
+
self.revoke_permission_for([Mongoid::ACL::READ_PERM,Mongoid::ACL::UPDATE_PERM,Mongoid::ACL::DESTROY_PERM],identifier)
|
92
|
+
end
|
93
|
+
|
94
|
+
|
95
|
+
# quickly remove all permissions
|
96
|
+
# @return [Boolean]
|
97
|
+
def revoke_all_permissions
|
98
|
+
self.collection.update({"_id" => self.id}, {"$unset" => {"acls"=>1} })
|
99
|
+
end
|
100
|
+
|
65
101
|
# add identifier(s) to the given permission(s) in the acl list of this object
|
66
102
|
# @param [Array,String] permission
|
67
103
|
# @param [Array,String] identifier
|
68
104
|
# @returns [Boolean]
|
69
|
-
def
|
105
|
+
def grant_permission_to(permission,identifier)
|
70
106
|
if identifier.kind_of?(Array)
|
71
107
|
identifier = {"$each" => identifier}
|
72
108
|
end
|
@@ -79,7 +115,24 @@ module Mongoid
|
|
79
115
|
return self.collection.update({"_id" => self.id}, {"$addToSet" => hash_map })
|
80
116
|
end
|
81
117
|
|
118
|
+
# revoke identifier(s) from the given permission(s) in the acl list of this object
|
119
|
+
# @param [Array,String] permission
|
120
|
+
# @param [Array,String] identifier
|
121
|
+
# @returns [Boolean]
|
122
|
+
def revoke_permission_for(permission,identifier)
|
123
|
+
if !identifier.respond_to?('each')
|
124
|
+
identifier = [identifier]
|
125
|
+
end
|
126
|
+
if permission.kind_of?(Array)
|
127
|
+
hash_map = Hash.new
|
128
|
+
permission.each{ |p| hash_map["acls.#{p}"] = identifier}
|
129
|
+
else
|
130
|
+
hash_map = {"acls.#{permission}" => identifier}
|
131
|
+
end
|
132
|
+
return self.collection.update({"_id" => self.id}, {"$pullAll" => hash_map })
|
133
|
+
end
|
82
134
|
|
135
|
+
|
83
136
|
def has_permission_for(permission,identifier)
|
84
137
|
return false if self.acls.nil?
|
85
138
|
self.acls[permission].include?(PUBLIC_IDENTIFIER) || self.acls[permission].include?(identifier)
|
data/lib/mongoid_acl/version.rb
CHANGED
@@ -18,7 +18,7 @@ describe Mongoid::ACL do
|
|
18
18
|
end
|
19
19
|
context 'user1 can manage post1' do
|
20
20
|
before :all do
|
21
|
-
@post1.
|
21
|
+
@post1.grant_manage!(@user1.id)
|
22
22
|
@post1 = Post.find(@post1.id)
|
23
23
|
end
|
24
24
|
|
@@ -41,5 +41,24 @@ describe Mongoid::ACL do
|
|
41
41
|
@post1.can_manage?(@user2.id).should == false
|
42
42
|
end
|
43
43
|
end
|
44
|
+
|
45
|
+
context 'user1 has manage rights revoked' do
|
46
|
+
before :all do
|
47
|
+
@post1.revoke_manage!(@user1.id)
|
48
|
+
@post1 = Post.find(@post1.id)
|
49
|
+
|
50
|
+
end
|
51
|
+
|
52
|
+
it 'should have an empty acl list' do
|
53
|
+
@post1.acls.should == {
|
54
|
+
Mongoid::ACL::READ_PERM => [],
|
55
|
+
Mongoid::ACL::UPDATE_PERM => [],
|
56
|
+
Mongoid::ACL::DESTROY_PERM => []
|
57
|
+
}
|
58
|
+
end
|
59
|
+
it 'should not allow user1 to manage post1' do
|
60
|
+
@post1.can_manage?(@user1.id).should == false
|
61
|
+
end
|
62
|
+
end
|
44
63
|
|
45
64
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: mongoid_acl
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0
|
4
|
+
version: 0.1.0
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -13,7 +13,7 @@ date: 2011-12-06 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: rspec
|
16
|
-
requirement: &
|
16
|
+
requirement: &2152144440 !ruby/object:Gem::Requirement
|
17
17
|
none: false
|
18
18
|
requirements:
|
19
19
|
- - ~>
|
@@ -21,10 +21,10 @@ dependencies:
|
|
21
21
|
version: '2.5'
|
22
22
|
type: :development
|
23
23
|
prerelease: false
|
24
|
-
version_requirements: *
|
24
|
+
version_requirements: *2152144440
|
25
25
|
- !ruby/object:Gem::Dependency
|
26
26
|
name: mongoid
|
27
|
-
requirement: &
|
27
|
+
requirement: &2152143880 !ruby/object:Gem::Requirement
|
28
28
|
none: false
|
29
29
|
requirements:
|
30
30
|
- - ~>
|
@@ -32,10 +32,10 @@ dependencies:
|
|
32
32
|
version: '2.2'
|
33
33
|
type: :development
|
34
34
|
prerelease: false
|
35
|
-
version_requirements: *
|
35
|
+
version_requirements: *2152143880
|
36
36
|
- !ruby/object:Gem::Dependency
|
37
37
|
name: bson_ext
|
38
|
-
requirement: &
|
38
|
+
requirement: &2152143340 !ruby/object:Gem::Requirement
|
39
39
|
none: false
|
40
40
|
requirements:
|
41
41
|
- - ~>
|
@@ -43,10 +43,10 @@ dependencies:
|
|
43
43
|
version: '1.3'
|
44
44
|
type: :development
|
45
45
|
prerelease: false
|
46
|
-
version_requirements: *
|
46
|
+
version_requirements: *2152143340
|
47
47
|
- !ruby/object:Gem::Dependency
|
48
48
|
name: rake
|
49
|
-
requirement: &
|
49
|
+
requirement: &2152142960 !ruby/object:Gem::Requirement
|
50
50
|
none: false
|
51
51
|
requirements:
|
52
52
|
- - ! '>='
|
@@ -54,7 +54,7 @@ dependencies:
|
|
54
54
|
version: '0'
|
55
55
|
type: :development
|
56
56
|
prerelease: false
|
57
|
-
version_requirements: *
|
57
|
+
version_requirements: *2152142960
|
58
58
|
description: Add basic Access Control Lists to Mongoid documents. Optimized for speed
|
59
59
|
by using only ONE request to MongoDB to validate, update, and retrieve updated data.
|
60
60
|
email: progster@gmail.com
|