RubyGems - pebblebed - Versions diffs - 0.0.42 → 0.0.43 - Mend

pebblebed 0.0.42 → 0.0.43

Files changed (5) hide show

data/README.md CHANGED

@@ -49,13 +49,14 @@ This exception has the fields `status` and `message`.
 Other helper methods provided by this extension:
     part(partspec, params = {})             # Include a part from a kit (See https://github.com/benglerpebbles/kits)
-    parts_script_include_tags               # All script tags required by the kits
+    parts_script_include_tags               # All script tags required by the kits
     parts_stylesheet_include_tags           # All stylesheet-tags required by the kits
     current_session                         # The hash string that identifies the current browser session
     pebbles                                 # Common entrypoint for the Pebblebed::Connector
     current_identity                        # Returns the a DeepStruct record with the vital data for the current user
     require_identity                        # Halts with 403 if there is no current user
     require_god                             # Halts with 403 if the current user is not a god
+    require_access_to_path(path)            # Halts with 403 if the current user is not a member of a checkpoint access group with privileged access to that path
     require_parameters(parameters, *keys)   # Halts with 409 if the at least one of the provided keys is not in the params-hash
 ### Testing Sinatra APIs

data/lib/pebblebed/sinatra.rb CHANGED

@@ -85,6 +85,14 @@ module Sinatra
         halt 409, "missing parameters: #{missing.join(', ')}" unless missing.empty?
       end
+      def require_access_to_path(path)
+        require_identity
+        return if current_identity.god and path.split(".")[0] == current_identity.realm
+        res = pebbles.checkpoint.get("/identities/#{current_identity.id}/access_to/#{path}")
+        return if res['access'] and res['access']['granted'] == true
+        halt 403, "Access denied."
+      end
       def limit_offset_collection(collection, options)
         limit = (options[:limit] || 20).to_i
         offset = (options[:offset] || 0).to_i

data/lib/pebblebed/version.rb CHANGED

@@ -1,3 +1,3 @@
 module Pebblebed
-  VERSION = "0.0.42"
+  VERSION = "0.0.43"
 end

data/spec/sinatra_spec.rb CHANGED

@@ -24,6 +24,11 @@ class TestApp < Sinatra::Base
     "You are logged in"
   end
+  get '/group' do
+    require_access_to_path("testrealm.specialgroup.123")
+    "You are granted access to this content"
+  end
   get '/root' do
     require_god
     "You are most powerful"
@@ -107,6 +112,48 @@ describe Sinatra::Pebblebed do
     end
   end
+  describe "with access groups control" do
+    let(:checkpoint) {
+      checkpoint = stub
+      checkpoint.stub!(:service_url => 'http://example.com')
+      checkpoint
+    }
+    context "as a guest" do
+      specify "not allowed" do
+        guest!
+        get '/group'
+        last_response.status.should == 403
+      end
+    end
+    context "as a god" do
+      specify "allowed without policy check" do
+        god!(:session => random_session)
+        get '/group'
+        last_response.body.should == "You are granted access to this content"
+      end
+    end
+    context "as user without grants" do
+      specify "is disallowed" do
+        user!
+        checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
+        checkpoint.should_receive(:get).with("/identities/1/access_to/testrealm.specialgroup.123").and_return(DeepStruct.wrap(:access => {:granted => false}))
+        Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
+        get '/group'
+        last_response.status.should == 403
+      end
+    end
+    context "as user with grants" do
+      specify "is allowed" do
+        user!
+        checkpoint.should_receive(:get).with("/identities/me").and_return(DeepStruct.wrap(:identity => {:realm => 'testrealm', :id => 1, :god => false}))
+        checkpoint.should_receive(:get).with("/identities/1/access_to/testrealm.specialgroup.123").and_return(DeepStruct.wrap(:access => {:granted => true}))
+        Pebblebed::Connector.any_instance.stub(:checkpoint => checkpoint)
+        get '/group'
+        last_response.body.should == "You are granted access to this content"
+      end
+    end
+  end
   describe "error handling" do
     before(:each) { guest! }

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pebblebed
 version: !ruby/object:Gem::Version
-  version: 0.0.42
+  version: 0.0.43
   prerelease:
 platform: ruby
 authors:
@@ -10,11 +10,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2013-01-25 00:00:00.000000000 Z
+date: 2013-02-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &70269360765760 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -22,10 +22,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360765760
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rake
-  requirement: &70269360765140 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -33,10 +38,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360765140
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: simplecov
-  requirement: &70269360764520 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -44,10 +54,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360764520
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: sinatra
-  requirement: &70269360763860 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -55,10 +70,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360763860
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: rack-test
-  requirement: &70269360763420 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -66,10 +86,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360763420
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: memcache_mock
-  requirement: &70269360762920 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -77,10 +102,15 @@ dependencies:
         version: '0'
   type: :development
   prerelease: false
-  version_requirements: *70269360762920
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: deepstruct
-  requirement: &70269360778520 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -88,10 +118,15 @@ dependencies:
         version: 0.0.4
   type: :runtime
   prerelease: false
-  version_requirements: *70269360778520
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.0.4
 - !ruby/object:Gem::Dependency
   name: curb
-  requirement: &70269360777860 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -99,10 +134,15 @@ dependencies:
         version: 0.7.14
   type: :runtime
   prerelease: false
-  version_requirements: *70269360777860
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.7.14
 - !ruby/object:Gem::Dependency
   name: yajl-ruby
-  requirement: &70269360777480 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -110,10 +150,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360777480
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: queryparams
-  requirement: &70269360777020 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -121,10 +166,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360777020
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: futurevalue
-  requirement: &70269360776580 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -132,10 +182,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360776580
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: pathbuilder
-  requirement: &70269360776120 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -143,10 +198,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360776120
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: nokogiri
-  requirement: &70269360775660 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -154,10 +214,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360775660
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: i18n
-  requirement: &70269360775220 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -165,10 +230,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360775220
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: activesupport
-  requirement: &70269360774760 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -176,10 +246,15 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360774760
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 - !ruby/object:Gem::Dependency
   name: bunny
-  requirement: &70269360774320 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -187,7 +262,12 @@ dependencies:
         version: '0'
   type: :runtime
   prerelease: false
-  version_requirements: *70269360774320
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Development tools for working with Pebblebed
 email:
 - katrina@bengler.no
@@ -247,15 +327,21 @@ required_ruby_version: !ruby/object:Gem::Requirement
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -4488871030272884545
 required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -4488871030272884545
 requirements: []
 rubyforge_project: pebblebed
-rubygems_version: 1.8.15
+rubygems_version: 1.8.25
 signing_key:
 specification_version: 3
 summary: Development tools for working with Pebblebed
@@ -274,4 +360,3 @@ test_files:
 - spec/sinatra_spec.rb
 - spec/spec_helper.rb
 - spec/uid_spec.rb
-has_rdoc: