permissioner 0.0.1.beta
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +18 -0
- data/.rspec +1 -0
- data/CHANGELOG +3 -0
- data/Gemfile +4 -0
- data/Guardfile +9 -0
- data/LICENSE.txt +6 -0
- data/README.md +29 -0
- data/Rakefile +5 -0
- data/epl-v10.html +262 -0
- data/lib/permissioner/controller_additions.rb +27 -0
- data/lib/permissioner/exceptions.rb +3 -0
- data/lib/permissioner/matchers.rb +16 -0
- data/lib/permissioner/permission_configurer.rb +59 -0
- data/lib/permissioner/permission_service_additions.rb +105 -0
- data/lib/permissioner/railtie.rb +8 -0
- data/lib/permissioner/version.rb +3 -0
- data/lib/permissioner.rb +9 -0
- data/permissioner.gemspec +22 -0
- data/spec/permissioner/controller_additions_spec.rb +107 -0
- data/spec/permissioner/matchers_spec.rb +47 -0
- data/spec/permissioner/permission_configurer_spec.rb +60 -0
- data/spec/permissioner/permission_service_additions_spec.rb +263 -0
- data/spec/spec_helper.rb +10 -0
- metadata +121 -0
data/.gitignore
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color
|
data/CHANGELOG
ADDED
data/Gemfile
ADDED
data/Guardfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,6 @@
|
|
1
|
+
Copyright (c) 2013 Daniel Grawunder, Christian Mierich.
|
2
|
+
All rights reserved. This program and the accompanying materials
|
3
|
+
are made available under the terms of the Eclipse Public License v1.0
|
4
|
+
which accompanies this distribution, and is available at
|
5
|
+
http://www.eclipse.org/legal/epl-v10.html or in the file epl-v10.html
|
6
|
+
at the root of this distribution.
|
data/README.md
ADDED
@@ -0,0 +1,29 @@
|
|
1
|
+
# Permissioner
|
2
|
+
|
3
|
+
TODO: Write a gem description
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
Add this line to your application's Gemfile:
|
8
|
+
|
9
|
+
gem 'permissioner'
|
10
|
+
|
11
|
+
And then execute:
|
12
|
+
|
13
|
+
$ bundle
|
14
|
+
|
15
|
+
Or install it yourself as:
|
16
|
+
|
17
|
+
$ gem install permissioner
|
18
|
+
|
19
|
+
## Usage
|
20
|
+
|
21
|
+
TODO: Write usage instructions here
|
22
|
+
|
23
|
+
## Contributing
|
24
|
+
|
25
|
+
1. Fork it
|
26
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
27
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
28
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
29
|
+
5. Create new Pull Request
|
data/Rakefile
ADDED
data/epl-v10.html
ADDED
@@ -0,0 +1,262 @@
|
|
1
|
+
<?xml version="1.0" encoding="ISO-8859-1" ?>
|
2
|
+
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
|
3
|
+
<html xmlns="http://www.w3.org/1999/xhtml">
|
4
|
+
|
5
|
+
<head>
|
6
|
+
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
|
7
|
+
<title>Eclipse Public License - Version 1.0</title>
|
8
|
+
<style type="text/css">
|
9
|
+
body {
|
10
|
+
size: 8.5in 11.0in;
|
11
|
+
margin: 0.25in 0.5in 0.25in 0.5in;
|
12
|
+
tab-interval: 0.5in;
|
13
|
+
}
|
14
|
+
p {
|
15
|
+
margin-left: auto;
|
16
|
+
margin-top: 0.5em;
|
17
|
+
margin-bottom: 0.5em;
|
18
|
+
}
|
19
|
+
p.list {
|
20
|
+
margin-left: 0.5in;
|
21
|
+
margin-top: 0.05em;
|
22
|
+
margin-bottom: 0.05em;
|
23
|
+
}
|
24
|
+
</style>
|
25
|
+
|
26
|
+
</head>
|
27
|
+
|
28
|
+
<body lang="EN-US">
|
29
|
+
|
30
|
+
<h2>Eclipse Public License - v 1.0</h2>
|
31
|
+
|
32
|
+
<p>THE ACCOMPANYING PROGRAM IS PROVIDED UNDER THE TERMS OF THIS ECLIPSE
|
33
|
+
PUBLIC LICENSE ("AGREEMENT"). ANY USE, REPRODUCTION OR
|
34
|
+
DISTRIBUTION OF THE PROGRAM CONSTITUTES RECIPIENT'S ACCEPTANCE OF THIS
|
35
|
+
AGREEMENT.</p>
|
36
|
+
|
37
|
+
<p><b>1. DEFINITIONS</b></p>
|
38
|
+
|
39
|
+
<p>"Contribution" means:</p>
|
40
|
+
|
41
|
+
<p class="list">a) in the case of the initial Contributor, the initial
|
42
|
+
code and documentation distributed under this Agreement, and</p>
|
43
|
+
<p class="list">b) in the case of each subsequent Contributor:</p>
|
44
|
+
<p class="list">i) changes to the Program, and</p>
|
45
|
+
<p class="list">ii) additions to the Program;</p>
|
46
|
+
<p class="list">where such changes and/or additions to the Program
|
47
|
+
originate from and are distributed by that particular Contributor. A
|
48
|
+
Contribution 'originates' from a Contributor if it was added to the
|
49
|
+
Program by such Contributor itself or anyone acting on such
|
50
|
+
Contributor's behalf. Contributions do not include additions to the
|
51
|
+
Program which: (i) are separate modules of software distributed in
|
52
|
+
conjunction with the Program under their own license agreement, and (ii)
|
53
|
+
are not derivative works of the Program.</p>
|
54
|
+
|
55
|
+
<p>"Contributor" means any person or entity that distributes
|
56
|
+
the Program.</p>
|
57
|
+
|
58
|
+
<p>"Licensed Patents" mean patent claims licensable by a
|
59
|
+
Contributor which are necessarily infringed by the use or sale of its
|
60
|
+
Contribution alone or when combined with the Program.</p>
|
61
|
+
|
62
|
+
<p>"Program" means the Contributions distributed in accordance
|
63
|
+
with this Agreement.</p>
|
64
|
+
|
65
|
+
<p>"Recipient" means anyone who receives the Program under
|
66
|
+
this Agreement, including all Contributors.</p>
|
67
|
+
|
68
|
+
<p><b>2. GRANT OF RIGHTS</b></p>
|
69
|
+
|
70
|
+
<p class="list">a) Subject to the terms of this Agreement, each
|
71
|
+
Contributor hereby grants Recipient a non-exclusive, worldwide,
|
72
|
+
royalty-free copyright license to reproduce, prepare derivative works
|
73
|
+
of, publicly display, publicly perform, distribute and sublicense the
|
74
|
+
Contribution of such Contributor, if any, and such derivative works, in
|
75
|
+
source code and object code form.</p>
|
76
|
+
|
77
|
+
<p class="list">b) Subject to the terms of this Agreement, each
|
78
|
+
Contributor hereby grants Recipient a non-exclusive, worldwide,
|
79
|
+
royalty-free patent license under Licensed Patents to make, use, sell,
|
80
|
+
offer to sell, import and otherwise transfer the Contribution of such
|
81
|
+
Contributor, if any, in source code and object code form. This patent
|
82
|
+
license shall apply to the combination of the Contribution and the
|
83
|
+
Program if, at the time the Contribution is added by the Contributor,
|
84
|
+
such addition of the Contribution causes such combination to be covered
|
85
|
+
by the Licensed Patents. The patent license shall not apply to any other
|
86
|
+
combinations which include the Contribution. No hardware per se is
|
87
|
+
licensed hereunder.</p>
|
88
|
+
|
89
|
+
<p class="list">c) Recipient understands that although each Contributor
|
90
|
+
grants the licenses to its Contributions set forth herein, no assurances
|
91
|
+
are provided by any Contributor that the Program does not infringe the
|
92
|
+
patent or other intellectual property rights of any other entity. Each
|
93
|
+
Contributor disclaims any liability to Recipient for claims brought by
|
94
|
+
any other entity based on infringement of intellectual property rights
|
95
|
+
or otherwise. As a condition to exercising the rights and licenses
|
96
|
+
granted hereunder, each Recipient hereby assumes sole responsibility to
|
97
|
+
secure any other intellectual property rights needed, if any. For
|
98
|
+
example, if a third party patent license is required to allow Recipient
|
99
|
+
to distribute the Program, it is Recipient's responsibility to acquire
|
100
|
+
that license before distributing the Program.</p>
|
101
|
+
|
102
|
+
<p class="list">d) Each Contributor represents that to its knowledge it
|
103
|
+
has sufficient copyright rights in its Contribution, if any, to grant
|
104
|
+
the copyright license set forth in this Agreement.</p>
|
105
|
+
|
106
|
+
<p><b>3. REQUIREMENTS</b></p>
|
107
|
+
|
108
|
+
<p>A Contributor may choose to distribute the Program in object code
|
109
|
+
form under its own license agreement, provided that:</p>
|
110
|
+
|
111
|
+
<p class="list">a) it complies with the terms and conditions of this
|
112
|
+
Agreement; and</p>
|
113
|
+
|
114
|
+
<p class="list">b) its license agreement:</p>
|
115
|
+
|
116
|
+
<p class="list">i) effectively disclaims on behalf of all Contributors
|
117
|
+
all warranties and conditions, express and implied, including warranties
|
118
|
+
or conditions of title and non-infringement, and implied warranties or
|
119
|
+
conditions of merchantability and fitness for a particular purpose;</p>
|
120
|
+
|
121
|
+
<p class="list">ii) effectively excludes on behalf of all Contributors
|
122
|
+
all liability for damages, including direct, indirect, special,
|
123
|
+
incidental and consequential damages, such as lost profits;</p>
|
124
|
+
|
125
|
+
<p class="list">iii) states that any provisions which differ from this
|
126
|
+
Agreement are offered by that Contributor alone and not by any other
|
127
|
+
party; and</p>
|
128
|
+
|
129
|
+
<p class="list">iv) states that source code for the Program is available
|
130
|
+
from such Contributor, and informs licensees how to obtain it in a
|
131
|
+
reasonable manner on or through a medium customarily used for software
|
132
|
+
exchange.</p>
|
133
|
+
|
134
|
+
<p>When the Program is made available in source code form:</p>
|
135
|
+
|
136
|
+
<p class="list">a) it must be made available under this Agreement; and</p>
|
137
|
+
|
138
|
+
<p class="list">b) a copy of this Agreement must be included with each
|
139
|
+
copy of the Program.</p>
|
140
|
+
|
141
|
+
<p>Contributors may not remove or alter any copyright notices contained
|
142
|
+
within the Program.</p>
|
143
|
+
|
144
|
+
<p>Each Contributor must identify itself as the originator of its
|
145
|
+
Contribution, if any, in a manner that reasonably allows subsequent
|
146
|
+
Recipients to identify the originator of the Contribution.</p>
|
147
|
+
|
148
|
+
<p><b>4. COMMERCIAL DISTRIBUTION</b></p>
|
149
|
+
|
150
|
+
<p>Commercial distributors of software may accept certain
|
151
|
+
responsibilities with respect to end users, business partners and the
|
152
|
+
like. While this license is intended to facilitate the commercial use of
|
153
|
+
the Program, the Contributor who includes the Program in a commercial
|
154
|
+
product offering should do so in a manner which does not create
|
155
|
+
potential liability for other Contributors. Therefore, if a Contributor
|
156
|
+
includes the Program in a commercial product offering, such Contributor
|
157
|
+
("Commercial Contributor") hereby agrees to defend and
|
158
|
+
indemnify every other Contributor ("Indemnified Contributor")
|
159
|
+
against any losses, damages and costs (collectively "Losses")
|
160
|
+
arising from claims, lawsuits and other legal actions brought by a third
|
161
|
+
party against the Indemnified Contributor to the extent caused by the
|
162
|
+
acts or omissions of such Commercial Contributor in connection with its
|
163
|
+
distribution of the Program in a commercial product offering. The
|
164
|
+
obligations in this section do not apply to any claims or Losses
|
165
|
+
relating to any actual or alleged intellectual property infringement. In
|
166
|
+
order to qualify, an Indemnified Contributor must: a) promptly notify
|
167
|
+
the Commercial Contributor in writing of such claim, and b) allow the
|
168
|
+
Commercial Contributor to control, and cooperate with the Commercial
|
169
|
+
Contributor in, the defense and any related settlement negotiations. The
|
170
|
+
Indemnified Contributor may participate in any such claim at its own
|
171
|
+
expense.</p>
|
172
|
+
|
173
|
+
<p>For example, a Contributor might include the Program in a commercial
|
174
|
+
product offering, Product X. That Contributor is then a Commercial
|
175
|
+
Contributor. If that Commercial Contributor then makes performance
|
176
|
+
claims, or offers warranties related to Product X, those performance
|
177
|
+
claims and warranties are such Commercial Contributor's responsibility
|
178
|
+
alone. Under this section, the Commercial Contributor would have to
|
179
|
+
defend claims against the other Contributors related to those
|
180
|
+
performance claims and warranties, and if a court requires any other
|
181
|
+
Contributor to pay any damages as a result, the Commercial Contributor
|
182
|
+
must pay those damages.</p>
|
183
|
+
|
184
|
+
<p><b>5. NO WARRANTY</b></p>
|
185
|
+
|
186
|
+
<p>EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, THE PROGRAM IS
|
187
|
+
PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
|
188
|
+
OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT LIMITATION,
|
189
|
+
ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY
|
190
|
+
OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is solely
|
191
|
+
responsible for determining the appropriateness of using and
|
192
|
+
distributing the Program and assumes all risks associated with its
|
193
|
+
exercise of rights under this Agreement , including but not limited to
|
194
|
+
the risks and costs of program errors, compliance with applicable laws,
|
195
|
+
damage to or loss of data, programs or equipment, and unavailability or
|
196
|
+
interruption of operations.</p>
|
197
|
+
|
198
|
+
<p><b>6. DISCLAIMER OF LIABILITY</b></p>
|
199
|
+
|
200
|
+
<p>EXCEPT AS EXPRESSLY SET FORTH IN THIS AGREEMENT, NEITHER RECIPIENT
|
201
|
+
NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY DIRECT, INDIRECT,
|
202
|
+
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING
|
203
|
+
WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND ON ANY THEORY OF
|
204
|
+
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
205
|
+
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OR
|
206
|
+
DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
|
207
|
+
HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.</p>
|
208
|
+
|
209
|
+
<p><b>7. GENERAL</b></p>
|
210
|
+
|
211
|
+
<p>If any provision of this Agreement is invalid or unenforceable under
|
212
|
+
applicable law, it shall not affect the validity or enforceability of
|
213
|
+
the remainder of the terms of this Agreement, and without further action
|
214
|
+
by the parties hereto, such provision shall be reformed to the minimum
|
215
|
+
extent necessary to make such provision valid and enforceable.</p>
|
216
|
+
|
217
|
+
<p>If Recipient institutes patent litigation against any entity
|
218
|
+
(including a cross-claim or counterclaim in a lawsuit) alleging that the
|
219
|
+
Program itself (excluding combinations of the Program with other
|
220
|
+
software or hardware) infringes such Recipient's patent(s), then such
|
221
|
+
Recipient's rights granted under Section 2(b) shall terminate as of the
|
222
|
+
date such litigation is filed.</p>
|
223
|
+
|
224
|
+
<p>All Recipient's rights under this Agreement shall terminate if it
|
225
|
+
fails to comply with any of the material terms or conditions of this
|
226
|
+
Agreement and does not cure such failure in a reasonable period of time
|
227
|
+
after becoming aware of such noncompliance. If all Recipient's rights
|
228
|
+
under this Agreement terminate, Recipient agrees to cease use and
|
229
|
+
distribution of the Program as soon as reasonably practicable. However,
|
230
|
+
Recipient's obligations under this Agreement and any licenses granted by
|
231
|
+
Recipient relating to the Program shall continue and survive.</p>
|
232
|
+
|
233
|
+
<p>Everyone is permitted to copy and distribute copies of this
|
234
|
+
Agreement, but in order to avoid inconsistency the Agreement is
|
235
|
+
copyrighted and may only be modified in the following manner. The
|
236
|
+
Agreement Steward reserves the right to publish new versions (including
|
237
|
+
revisions) of this Agreement from time to time. No one other than the
|
238
|
+
Agreement Steward has the right to modify this Agreement. The Eclipse
|
239
|
+
Foundation is the initial Agreement Steward. The Eclipse Foundation may
|
240
|
+
assign the responsibility to serve as the Agreement Steward to a
|
241
|
+
suitable separate entity. Each new version of the Agreement will be
|
242
|
+
given a distinguishing version number. The Program (including
|
243
|
+
Contributions) may always be distributed subject to the version of the
|
244
|
+
Agreement under which it was received. In addition, after a new version
|
245
|
+
of the Agreement is published, Contributor may elect to distribute the
|
246
|
+
Program (including its Contributions) under the new version. Except as
|
247
|
+
expressly stated in Sections 2(a) and 2(b) above, Recipient receives no
|
248
|
+
rights or licenses to the intellectual property of any Contributor under
|
249
|
+
this Agreement, whether expressly, by implication, estoppel or
|
250
|
+
otherwise. All rights in the Program not expressly granted under this
|
251
|
+
Agreement are reserved.</p>
|
252
|
+
|
253
|
+
<p>This Agreement is governed by the laws of the State of New York and
|
254
|
+
the intellectual property laws of the United States of America. No party
|
255
|
+
to this Agreement will bring a legal action under this Agreement more
|
256
|
+
than one year after the cause of action arose. Each party waives its
|
257
|
+
rights to a jury trial in any resulting litigation.</p>
|
258
|
+
|
259
|
+
</body>
|
260
|
+
|
261
|
+
</html>
|
262
|
+
------------A8suzBvPzrflNqC2kT6WbM--
|
@@ -0,0 +1,27 @@
|
|
1
|
+
module Permissioner
|
2
|
+
module ControllerAdditions
|
3
|
+
|
4
|
+
def self.included(base)
|
5
|
+
base.helper_method :allow_action?, :allow_attribute?
|
6
|
+
base.delegate :allow_action?, :allow_attribute?, to: :permission_service
|
7
|
+
end
|
8
|
+
|
9
|
+
def authorize
|
10
|
+
if permission_service.allow_action?(params[:controller], params[:action], current_resource) &&
|
11
|
+
permission_service.passed_filters?(params[:controller], params[:action], params)
|
12
|
+
permission_service.permit_params!(params)
|
13
|
+
else
|
14
|
+
raise Permissioner::NotAuthorized
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def permission_service
|
19
|
+
@permission_service ||= PermissionService.create(current_user)
|
20
|
+
end
|
21
|
+
|
22
|
+
def current_resource
|
23
|
+
nil
|
24
|
+
end
|
25
|
+
|
26
|
+
end
|
27
|
+
end
|
@@ -0,0 +1,16 @@
|
|
1
|
+
RSpec::Matchers.define :allow_action do |*args|
|
2
|
+
match do |permission_service|
|
3
|
+
permission_service.allow_action?(*args)
|
4
|
+
end
|
5
|
+
end
|
6
|
+
|
7
|
+
RSpec::Matchers.define :allow_attribute do |*args|
|
8
|
+
match do |permission_service|
|
9
|
+
permission_service.allow_attribute?(*args)
|
10
|
+
end
|
11
|
+
end
|
12
|
+
RSpec::Matchers.define :passed_filters do |*args|
|
13
|
+
match do |permission_service|
|
14
|
+
permission_service.passed_filters?(*args)
|
15
|
+
end
|
16
|
+
end
|
@@ -0,0 +1,59 @@
|
|
1
|
+
module Permissioner
|
2
|
+
|
3
|
+
# This module is intended to be included in a class configuring permissions for a permissions service.
|
4
|
+
#
|
5
|
+
# The including class should overwrite the instance method configure_permissions in which the can allow actions and
|
6
|
+
# attributes and can add filters. In order to support this, this module provides the methods #allow_actions,
|
7
|
+
# #allow_attributes and #add_filters which all will be delegated to the permission service.
|
8
|
+
#
|
9
|
+
# To obtain the signed in user instance call current_user.
|
10
|
+
#
|
11
|
+
# In order to get an instance of the including class call the class method ::create acting as an factory method and
|
12
|
+
# ensures correct initialization.
|
13
|
+
#
|
14
|
+
# class ManagerPermissions
|
15
|
+
#
|
16
|
+
# include Permissioner::PermissionConfigurer
|
17
|
+
#
|
18
|
+
# def configure_permissions
|
19
|
+
#
|
20
|
+
# if current_user.manager?
|
21
|
+
#
|
22
|
+
# allow_actions :projects, :update
|
23
|
+
# allow_attributes: project, [:name, description]
|
24
|
+
# end
|
25
|
+
# end
|
26
|
+
#
|
27
|
+
module PermissionConfigurer
|
28
|
+
|
29
|
+
attr_accessor :current_user, :permission_service
|
30
|
+
delegate :allow_actions, :allow_attributes, :add_filter, to: :permission_service
|
31
|
+
|
32
|
+
module ClassMethods
|
33
|
+
|
34
|
+
# Calling this method is the only intended way for creating an instance of the including class. It ensures the
|
35
|
+
# correct initialization and configurations of the permissions.
|
36
|
+
#
|
37
|
+
# Expects the an instance of a class including module Permissioner::PermissionServiceAdditions acting as
|
38
|
+
# permission service and current signed in user.
|
39
|
+
#
|
40
|
+
def create permission_service, current_user
|
41
|
+
permission_configurer= self.new
|
42
|
+
permission_configurer.permission_service = permission_service
|
43
|
+
permission_configurer.current_user = current_user
|
44
|
+
permission_configurer.configure_permissions
|
45
|
+
permission_configurer
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def self.included(base)
|
50
|
+
base.extend(ClassMethods)
|
51
|
+
end
|
52
|
+
|
53
|
+
# Should be overwritten by the including class and is called during initialization in ::create.
|
54
|
+
# This the intended place where permissions should be configured.
|
55
|
+
#
|
56
|
+
def configure_permissions
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
@@ -0,0 +1,105 @@
|
|
1
|
+
module Permissioner
|
2
|
+
module PermissionServiceAdditions
|
3
|
+
|
4
|
+
module ClassMethods
|
5
|
+
|
6
|
+
def create current_user
|
7
|
+
permission_service = self.new
|
8
|
+
permission_service.current_user = current_user
|
9
|
+
permission_service.configure_permissions
|
10
|
+
permission_service
|
11
|
+
end
|
12
|
+
end
|
13
|
+
|
14
|
+
def self.included(base)
|
15
|
+
base.extend(ClassMethods)
|
16
|
+
end
|
17
|
+
|
18
|
+
attr_accessor :current_user
|
19
|
+
|
20
|
+
def allow_action?(controller, action, resource = nil)
|
21
|
+
allowed = @allow_all || (@allowed_actions && @allowed_actions[[controller.to_s, action.to_s]])
|
22
|
+
allowed && (allowed == true || resource && allowed.call(resource))
|
23
|
+
end
|
24
|
+
|
25
|
+
def allow_attribute?(resource, attribute)
|
26
|
+
@allow_all || @allowed_attributes && @allowed_attributes[resource].try(:include?, attribute)
|
27
|
+
end
|
28
|
+
|
29
|
+
def passed_filters?(controller, action, params)
|
30
|
+
if @filters && @filters[[controller.to_s, action.to_s]]
|
31
|
+
@filters[[controller.to_s, action.to_s]].all? { |block| block.call(params) }
|
32
|
+
else
|
33
|
+
true
|
34
|
+
end
|
35
|
+
end
|
36
|
+
|
37
|
+
def permit_params!(params)
|
38
|
+
if @allow_all
|
39
|
+
params.permit!
|
40
|
+
elsif @allowed_attributes
|
41
|
+
@allowed_attributes.each do |resource, attributes|
|
42
|
+
if params[resource].respond_to? :permit
|
43
|
+
params[resource] = params[resource].permit(*attributes)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def allow_all
|
50
|
+
@allow_all = true
|
51
|
+
end
|
52
|
+
|
53
|
+
#Adds the given actions to the list of allowed actions.
|
54
|
+
#The first argument is the controller, the second is the action.
|
55
|
+
#You can allow a single action or multiple actions at once:
|
56
|
+
#
|
57
|
+
# allow_actions :comments, :index
|
58
|
+
# allow_acitons [:comments, :posts], [:index, :create, :update]
|
59
|
+
#
|
60
|
+
#If a block is given it is stored for the given action and will be evaluated every time the authorization for the
|
61
|
+
#action runs. If the block returns true the action is allowed otherwise not. The current_resource will be put
|
62
|
+
#in the block.
|
63
|
+
#
|
64
|
+
def allow_actions(controllers, actions, &block)
|
65
|
+
@allowed_actions ||= {}
|
66
|
+
Array(controllers).each do |controller|
|
67
|
+
Array(actions).each do |action|
|
68
|
+
@allowed_actions[[controller.to_s, action.to_s]] = block || true
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
def allow_attributes(resources, attributes)
|
74
|
+
@allowed_attributes ||= {}
|
75
|
+
Array(resources).each do |resource|
|
76
|
+
@allowed_attributes[resource] ||= []
|
77
|
+
@allowed_attributes[resource] += Array(attributes)
|
78
|
+
end
|
79
|
+
end
|
80
|
+
|
81
|
+
def add_filter(controllers, actions, &block)
|
82
|
+
raise 'no block given' unless block_given?
|
83
|
+
@filters ||= {}
|
84
|
+
Array(controllers).each do |controller|
|
85
|
+
Array(actions).each do |action|
|
86
|
+
@filters[[controller.to_s, action.to_s]] ||= []
|
87
|
+
@filters[[controller.to_s, action.to_s]] << block
|
88
|
+
end
|
89
|
+
end
|
90
|
+
end
|
91
|
+
|
92
|
+
# Configures permissions by calling the factory method ::create on the given class which is intended to include
|
93
|
+
# the module Permissioner::PermissionConfigurer.
|
94
|
+
#
|
95
|
+
def configure configurer_class
|
96
|
+
configurer_class.create(self, current_user)
|
97
|
+
end
|
98
|
+
|
99
|
+
# Should be overwritten by the including class and is called during initialization in ::create.
|
100
|
+
# This the intended place where permissions should be configured.
|
101
|
+
#
|
102
|
+
def configure_permissions
|
103
|
+
end
|
104
|
+
end
|
105
|
+
end
|
data/lib/permissioner.rb
ADDED
@@ -0,0 +1,9 @@
|
|
1
|
+
require "permissioner/version"
|
2
|
+
require "permissioner/permission_service_additions"
|
3
|
+
require "permissioner/permission_configurer"
|
4
|
+
require "permissioner/controller_additions"
|
5
|
+
require "permissioner/exceptions"
|
6
|
+
require "permissioner/railtie" if defined?(Rails)
|
7
|
+
|
8
|
+
module Permissioner
|
9
|
+
end
|
@@ -0,0 +1,22 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
lib = File.expand_path('../lib', __FILE__)
|
3
|
+
$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
4
|
+
require 'permissioner/version'
|
5
|
+
|
6
|
+
Gem::Specification.new do |gem|
|
7
|
+
gem.name = "permissioner"
|
8
|
+
gem.version = Permissioner::VERSION
|
9
|
+
gem.authors = ["Daniel Grawunder, Christian Mierich"]
|
10
|
+
gem.email = ["gramie.sw@gmail.com"]
|
11
|
+
gem.description = %q{A Ruby on Rails authorization gem}
|
12
|
+
gem.summary = %q{An easy to use authorization solution for Ruby on Rails.}
|
13
|
+
|
14
|
+
gem.files = `git ls-files`.split($/)
|
15
|
+
gem.executables = gem.files.grep(%r{^bin/}).map { |f| File.basename(f) }
|
16
|
+
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
17
|
+
gem.require_paths = ["lib"]
|
18
|
+
|
19
|
+
gem.add_development_dependency "rspec", "~> 2.13"
|
20
|
+
gem.add_development_dependency "activesupport", "~>3.2"
|
21
|
+
gem.add_development_dependency "guard-rspec", "~>2.6.0"
|
22
|
+
end
|
@@ -0,0 +1,107 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Permissioner::ControllerAdditions do
|
4
|
+
|
5
|
+
before :each do
|
6
|
+
@controller_class = Class.new
|
7
|
+
@controller_class.stub(:helper_method)
|
8
|
+
@controller_class.send(:include, Permissioner::ControllerAdditions)
|
9
|
+
@controller = @controller_class.new
|
10
|
+
@controller.stub(:current_user)
|
11
|
+
end
|
12
|
+
|
13
|
+
describe '::included' do
|
14
|
+
|
15
|
+
before :each do
|
16
|
+
@clazz = Class.new
|
17
|
+
end
|
18
|
+
|
19
|
+
it 'should delegate helper methods to permission service' do
|
20
|
+
@clazz.should_receive(:helper_method).with(:allow_action?, :allow_attribute?)
|
21
|
+
@clazz.send(:include, Permissioner::ControllerAdditions)
|
22
|
+
end
|
23
|
+
|
24
|
+
it 'should delegate helper methods to permission servie' do
|
25
|
+
@clazz.stub(:helper_method)
|
26
|
+
@clazz.should_receive(:delegate).with(:allow_action?, :allow_attribute?, to: :permission_service)
|
27
|
+
@clazz.send(:include, Permissioner::ControllerAdditions)
|
28
|
+
end
|
29
|
+
end
|
30
|
+
|
31
|
+
|
32
|
+
describe 'authorize' do
|
33
|
+
|
34
|
+
before :each do
|
35
|
+
@params = {controller: 'comments', action: 'index'}
|
36
|
+
@controller.stub(:params).and_return(@params)
|
37
|
+
end
|
38
|
+
|
39
|
+
it 'should call permit_params! if action allwed and filters passed' do
|
40
|
+
@controller.permission_service.should_receive(:allow_action?).and_return(true)
|
41
|
+
@controller.permission_service.should_receive(:passed_filters?).and_return(true)
|
42
|
+
@controller.permission_service.should_receive(:permit_params!).with(@params)
|
43
|
+
@controller.authorize
|
44
|
+
end
|
45
|
+
|
46
|
+
it 'should call allow_action? with correct parameters' do
|
47
|
+
@controller.should_receive(:current_resource).and_return('current_resource')
|
48
|
+
@controller.permission_service.should_receive(:allow_action?).with('comments', 'index', 'current_resource').and_return(true)
|
49
|
+
@controller.permission_service.stub(:passed_filters?).and_return(true)
|
50
|
+
@controller.authorize
|
51
|
+
end
|
52
|
+
|
53
|
+
it 'should call add_filters? with correct parameters' do
|
54
|
+
@controller.should_receive(:current_resource).and_return('current_resource')
|
55
|
+
@controller.permission_service.stub(:allow_action?).and_return(true)
|
56
|
+
@controller.permission_service.should_receive(:passed_filters?).with('comments', 'index', @params).and_return(true)
|
57
|
+
@controller.authorize
|
58
|
+
end
|
59
|
+
|
60
|
+
it 'should raise Permissioner::NotAuthorized when action not allowed' do
|
61
|
+
@controller.permission_service.should_receive(:allow_action?).with('comments', 'index', nil).and_return(false)
|
62
|
+
expect {
|
63
|
+
@controller.authorize
|
64
|
+
}.to raise_error Permissioner::NotAuthorized
|
65
|
+
end
|
66
|
+
|
67
|
+
it 'should raise Permissioner::NotAuthorized when action are allowed but filters did not passed' do
|
68
|
+
@controller.permission_service.should_receive(:allow_action?).and_return(true)
|
69
|
+
@controller.permission_service.should_receive(:passed_filters?).and_return(false)
|
70
|
+
expect {
|
71
|
+
@controller.authorize
|
72
|
+
}.to raise_error Permissioner::NotAuthorized
|
73
|
+
end
|
74
|
+
end
|
75
|
+
|
76
|
+
describe '#permission_service' do
|
77
|
+
|
78
|
+
it 'should return instance of PermissionService' do
|
79
|
+
@controller.permission_service.class.should eq PermissionService
|
80
|
+
end
|
81
|
+
|
82
|
+
it 'should cache PermissionService instance' do
|
83
|
+
permission_service_1 = @controller.permission_service
|
84
|
+
permission_service_2 = @controller.permission_service
|
85
|
+
permission_service_1.should eq permission_service_2
|
86
|
+
end
|
87
|
+
|
88
|
+
it 'should create PermissionService by calling PermissionService::create' do
|
89
|
+
PermissionService.should_receive(:create)
|
90
|
+
@controller.permission_service
|
91
|
+
end
|
92
|
+
|
93
|
+
it 'should pass current_user to PermissionService::create' do
|
94
|
+
@controller.should_receive(:current_user).and_return('current_user')
|
95
|
+
PermissionService.should_receive(:create).with('current_user')
|
96
|
+
@controller.permission_service
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
describe '#current_resource' do
|
101
|
+
|
102
|
+
it 'should return nil as default' do
|
103
|
+
@controller.current_resource.should be_nil
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
end
|
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe 'matchers' do
|
4
|
+
|
5
|
+
before :each do
|
6
|
+
@permission_service = double('permission_service')
|
7
|
+
end
|
8
|
+
|
9
|
+
describe 'allow_action' do
|
10
|
+
|
11
|
+
it 'should delegate call to PermissionService#allow_action?' do
|
12
|
+
@permission_service.should_receive(:allow_action?).with(:comments, :index).and_return(true)
|
13
|
+
@permission_service.should allow_action :comments, :index
|
14
|
+
end
|
15
|
+
|
16
|
+
it 'should return false when PermissionService#allow_action? returns false' do
|
17
|
+
@permission_service.should_receive(:allow_action?).and_return(false)
|
18
|
+
@permission_service.should_not allow_action
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
describe 'allow_attribute' do
|
23
|
+
|
24
|
+
it 'should delegate call to PermissionService#allow_action?' do
|
25
|
+
@permission_service.should_receive(:allow_attribute?).with(:comment, :user_id, :text).and_return(true)
|
26
|
+
@permission_service.should allow_attribute :comment, :user_id, :text
|
27
|
+
end
|
28
|
+
|
29
|
+
it 'should return false when PermissionService#allow_action? returns false' do
|
30
|
+
@permission_service.should_receive(:allow_attribute?).and_return(false)
|
31
|
+
@permission_service.should_not allow_attribute
|
32
|
+
end
|
33
|
+
end
|
34
|
+
|
35
|
+
describe 'passed_filters' do
|
36
|
+
|
37
|
+
it 'should delegate call to PermissionService#allow_action?' do
|
38
|
+
@permission_service.should_receive(:passed_filters?).with(:comment, :user_id, :text).and_return(true)
|
39
|
+
@permission_service.should passed_filters :comment, :user_id, :text
|
40
|
+
end
|
41
|
+
|
42
|
+
it 'should return false when PermissionService#allow_action? returns false' do
|
43
|
+
@permission_service.should_receive(:passed_filters?).and_return(false)
|
44
|
+
@permission_service.should_not passed_filters
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Permissioner::PermissionConfigurer do
|
4
|
+
|
5
|
+
before :each do
|
6
|
+
@permission_configurer_class = Class.new
|
7
|
+
@permission_configurer_class.send(:include, Permissioner::PermissionConfigurer)
|
8
|
+
@permissioin_configurer = @permission_configurer_class.new
|
9
|
+
end
|
10
|
+
|
11
|
+
context 'delegation' do
|
12
|
+
|
13
|
+
it 'should delegate call to allow_actions to permission_service' do
|
14
|
+
@permissioin_configurer.should_receive(:allow_actions).with(:comments, :index)
|
15
|
+
@permissioin_configurer.allow_actions(:comments, :index)
|
16
|
+
end
|
17
|
+
|
18
|
+
it 'should delegate call to allow_attributes to permission_service' do
|
19
|
+
@permissioin_configurer.should_receive(:allow_attributes).with(:comment, [:user_id, :text])
|
20
|
+
@permissioin_configurer.allow_attributes(:comment, [:user_id, :text])
|
21
|
+
end
|
22
|
+
|
23
|
+
it 'should delegate call to add_filter to permission_service' do
|
24
|
+
@permissioin_configurer.should_receive(:add_filter).with(:comments, :create, Proc.new {})
|
25
|
+
@permissioin_configurer.add_filter(:comments, :create, Proc.new {})
|
26
|
+
end
|
27
|
+
end
|
28
|
+
|
29
|
+
describe '::included' do
|
30
|
+
|
31
|
+
it 'should extend including class with module Permissioner::PermissionConfigurer::ClassMethods' do
|
32
|
+
clazz = Class.new
|
33
|
+
clazz.should_receive(:extend).with(Permissioner::PermissionConfigurer::ClassMethods)
|
34
|
+
clazz.send(:include, Permissioner::PermissionConfigurer)
|
35
|
+
end
|
36
|
+
end
|
37
|
+
|
38
|
+
describe '::create' do
|
39
|
+
|
40
|
+
it 'should return permission_service instance' do
|
41
|
+
permission_service = @permission_configurer_class.create(nil, nil)
|
42
|
+
permission_service.class.included_modules.should include(Permissioner::PermissionConfigurer)
|
43
|
+
end
|
44
|
+
|
45
|
+
it 'should set permission_service' do
|
46
|
+
@permission_configurer_class.any_instance.should_receive(:permission_service=).with('permission_service')
|
47
|
+
@permission_configurer_class.create('permission_service', nil)
|
48
|
+
end
|
49
|
+
|
50
|
+
it 'should set current_user' do
|
51
|
+
@permission_configurer_class.any_instance.should_receive(:current_user=).with('current_user')
|
52
|
+
@permission_configurer_class.create(nil, 'current_user')
|
53
|
+
end
|
54
|
+
|
55
|
+
it 'should call configure_permissions current_user' do
|
56
|
+
@permission_configurer_class.any_instance.should_receive(:configure_permissions)
|
57
|
+
@permission_configurer_class.create(nil, nil)
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
@@ -0,0 +1,263 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
|
3
|
+
describe Permissioner::PermissionServiceAdditions do
|
4
|
+
|
5
|
+
before :each do
|
6
|
+
@permission_service_class = Class.new
|
7
|
+
@permission_service_class.send(:include, Permissioner::PermissionServiceAdditions)
|
8
|
+
@permission_service = @permission_service_class.new
|
9
|
+
end
|
10
|
+
|
11
|
+
describe '::included' do
|
12
|
+
|
13
|
+
it 'should extend including class with module Permissioner::PermissionServiceAdditions::ClassMethods' do
|
14
|
+
clazz = Class.new
|
15
|
+
clazz.should_receive(:extend).with(Permissioner::PermissionServiceAdditions::ClassMethods)
|
16
|
+
clazz.send(:include, Permissioner::PermissionServiceAdditions)
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
describe '::create' do
|
21
|
+
|
22
|
+
before :each do
|
23
|
+
@permission_service_class.any_instance.stub(:configure_permissions)
|
24
|
+
end
|
25
|
+
|
26
|
+
it 'should return permission_service instance' do
|
27
|
+
permission_service = @permission_service_class.create(nil)
|
28
|
+
permission_service.class.included_modules.should include(Permissioner::PermissionServiceAdditions)
|
29
|
+
end
|
30
|
+
|
31
|
+
it 'should set current_user' do
|
32
|
+
@permission_service_class.any_instance.should_receive(:current_user=).with('current_user')
|
33
|
+
@permission_service_class.create('current_user')
|
34
|
+
end
|
35
|
+
|
36
|
+
it 'should call configure_permissions current_user' do
|
37
|
+
@permission_service_class.any_instance.should_receive(:configure_permissions)
|
38
|
+
@permission_service_class.create(nil)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
describe '#allow_action?' do
|
43
|
+
|
44
|
+
it 'should return true if @allow_all is true' do
|
45
|
+
@permission_service.allow_all
|
46
|
+
@permission_service.allow_action?(:comments, :index).should be_true
|
47
|
+
end
|
48
|
+
|
49
|
+
context 'when no block given' do
|
50
|
+
|
51
|
+
it 'should return true if given action allowed' do
|
52
|
+
@permission_service.allow_actions :comments, :index
|
53
|
+
@permission_service.allow_action?(:comments, :index).should be_true
|
54
|
+
end
|
55
|
+
|
56
|
+
it 'should return false if given action not allowed' do
|
57
|
+
@permission_service.allow_action?(:comments, :index).should be_false
|
58
|
+
@permission_service.allow_actions :comments, :create
|
59
|
+
@permission_service.allow_action?(:comments, :index).should be_false
|
60
|
+
end
|
61
|
+
end
|
62
|
+
|
63
|
+
context 'when block given' do
|
64
|
+
|
65
|
+
it 'should call block for given action when ressource is given' do
|
66
|
+
block = Proc.new {}
|
67
|
+
block.should_receive(:call)
|
68
|
+
@permission_service.allow_actions :comments, :index, &block
|
69
|
+
@permission_service.allow_action?(:comments, :index, 'resource')
|
70
|
+
end
|
71
|
+
|
72
|
+
it 'should not call block for given action but no ressource is given' do
|
73
|
+
block = Proc.new {}
|
74
|
+
block.should_receive(:call).never
|
75
|
+
@permission_service.allow_actions :comments, :index, &block
|
76
|
+
@permission_service.allow_action?(:comments, :index)
|
77
|
+
end
|
78
|
+
|
79
|
+
it 'should return true when block returns true' do
|
80
|
+
block = Proc.new { true }
|
81
|
+
@permission_service.allow_actions :comments, :index, &block
|
82
|
+
@permission_service.allow_action?(:comments, :index, 'resource').should be_true
|
83
|
+
end
|
84
|
+
|
85
|
+
it 'should return false when block returns false' do
|
86
|
+
block = Proc.new { false }
|
87
|
+
@permission_service.allow_actions :comments, :index, &block
|
88
|
+
@permission_service.allow_action?(:comments, :index, 'resource').should be_false
|
89
|
+
end
|
90
|
+
|
91
|
+
it 'should return false when no ressource given' do
|
92
|
+
block = Proc.new { true }
|
93
|
+
@permission_service.allow_actions :comments, :index, &block
|
94
|
+
@permission_service.allow_action?(:comments, :index).should be_false
|
95
|
+
end
|
96
|
+
end
|
97
|
+
end
|
98
|
+
|
99
|
+
describe '#passed_filters?' do
|
100
|
+
|
101
|
+
it 'should return true when all blocks for given controller and action returns true' do
|
102
|
+
@permission_service.add_filter(:comments, :create, &Proc.new { true })
|
103
|
+
@permission_service.passed_filters?(:comments, :create, 'params').should be_true
|
104
|
+
end
|
105
|
+
|
106
|
+
it 'should return true when no filters are added at all' do
|
107
|
+
@permission_service.passed_filters?(:comments, :create, 'params').should be_true
|
108
|
+
end
|
109
|
+
|
110
|
+
it 'should return true when for given controller and action no filters has been added' do
|
111
|
+
@permission_service.add_filter(:comments, :update, &Proc.new {})
|
112
|
+
@permission_service.passed_filters?(:comments, :create, 'params').should be_true
|
113
|
+
end
|
114
|
+
|
115
|
+
it 'should return false when at least one block for given controller and action returns false' do
|
116
|
+
@permission_service.add_filter(:comments, :create, &Proc.new { true })
|
117
|
+
@permission_service.add_filter(:comments, :create, &Proc.new { false })
|
118
|
+
@permission_service.add_filter(:comments, :create, &Proc.new { true })
|
119
|
+
@permission_service.passed_filters?(:comments, :create, 'params').should be_false
|
120
|
+
end
|
121
|
+
|
122
|
+
it 'should pass params to the given block' do
|
123
|
+
params = Object.new
|
124
|
+
@permission_service.add_filter(:comments, :create, &Proc.new { |p| p.object_id.should eq params.object_id })
|
125
|
+
@permission_service.passed_filters?(:comments, :create, params)
|
126
|
+
end
|
127
|
+
end
|
128
|
+
|
129
|
+
describe '#allow_attributes?' do
|
130
|
+
|
131
|
+
it 'should return true when @allow_all is true' do
|
132
|
+
@permission_service.allow_all
|
133
|
+
@permission_service.allow_attribute?(:comment, :user_id).should be_true
|
134
|
+
end
|
135
|
+
|
136
|
+
it 'should return true when param is allowed' do
|
137
|
+
@permission_service.allow_attributes(:comment, :user_id)
|
138
|
+
@permission_service.allow_attribute?(:comment, :user_id).should be_true
|
139
|
+
end
|
140
|
+
|
141
|
+
it 'should return false when param not allowed' do
|
142
|
+
@permission_service.allow_attribute?(:comment, :user_id).should be_false
|
143
|
+
end
|
144
|
+
end
|
145
|
+
|
146
|
+
describe '#permit_params!' do
|
147
|
+
|
148
|
+
it 'should call permit! on given params when @allow_all is true' do
|
149
|
+
params = double('params')
|
150
|
+
params.should_receive(:permit!)
|
151
|
+
@permission_service.allow_all
|
152
|
+
@permission_service.permit_params!(params)
|
153
|
+
end
|
154
|
+
|
155
|
+
it 'should call permit on allowed params' do
|
156
|
+
params = {comment: {user_id: '12', text: 'text', date: 'date'}, post: {title: 'title', content: 'content'}}
|
157
|
+
@permission_service.allow_attributes(:comment, [:user_id, :text])
|
158
|
+
@permission_service.allow_attributes(:post, [:title, :content])
|
159
|
+
params[:comment].should_receive(:respond_to?).with(:permit).and_return(true)
|
160
|
+
params[:comment].should_receive(:permit).with(:user_id, :text)
|
161
|
+
params[:post].should_receive(:permit).with(:title, :content)
|
162
|
+
@permission_service.permit_params!(params)
|
163
|
+
end
|
164
|
+
end
|
165
|
+
|
166
|
+
describe '#allow_all' do
|
167
|
+
|
168
|
+
it 'should set @allow_all to true' do
|
169
|
+
@permission_service.allow_all
|
170
|
+
@permission_service.instance_variable_get(:@allow_all).should be_true
|
171
|
+
end
|
172
|
+
end
|
173
|
+
|
174
|
+
describe '#allow_actions' do
|
175
|
+
|
176
|
+
it 'should add controller and action to @allowed_actions' do
|
177
|
+
@permission_service.allow_actions :comments, :index
|
178
|
+
allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
|
179
|
+
allowed_actions.count.should eq 1
|
180
|
+
allowed_actions[['comments', 'index']].should be_true
|
181
|
+
end
|
182
|
+
|
183
|
+
it 'should add controllers and action to @allowed_actions when multiple given' do
|
184
|
+
@permission_service.allow_actions([:comments, :users], [:index, :create])
|
185
|
+
allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
|
186
|
+
allowed_actions.count.should eq 4
|
187
|
+
allowed_actions[['comments', 'index']].should be_true
|
188
|
+
allowed_actions[['comments', 'create']].should be_true
|
189
|
+
allowed_actions[['users', 'index']].should be_true
|
190
|
+
allowed_actions[['users', 'create']].should be_true
|
191
|
+
end
|
192
|
+
|
193
|
+
it 'should add controllers and action to @allowed_actions and store block when given' do
|
194
|
+
block = Proc.new {}
|
195
|
+
@permission_service.allow_actions(:comments, :edit, &block)
|
196
|
+
allowed_actions = @permission_service.instance_variable_get(:@allowed_actions)
|
197
|
+
allowed_actions[['comments', 'edit']].object_id.should eq block.object_id
|
198
|
+
end
|
199
|
+
end
|
200
|
+
|
201
|
+
describe '#allow_attributes' do
|
202
|
+
|
203
|
+
it 'should add resource and attribute to @allowed_params' do
|
204
|
+
@permission_service.allow_attributes :comment, :text
|
205
|
+
allowed_params = @permission_service.instance_variable_get(:@allowed_attributes)
|
206
|
+
allowed_params.count.should eq 1
|
207
|
+
allowed_params[:comment].should eq [:text]
|
208
|
+
end
|
209
|
+
|
210
|
+
it 'should add resource and attribute to @allowed_params if multiple given' do
|
211
|
+
@permission_service.allow_attributes [:comment, :post], [:user, :text]
|
212
|
+
allowed_params = @permission_service.instance_variable_get(:@allowed_attributes)
|
213
|
+
allowed_params.count.should eq 2
|
214
|
+
allowed_params[:comment].should eq [:user, :text]
|
215
|
+
allowed_params[:post].should eq [:user, :text]
|
216
|
+
end
|
217
|
+
end
|
218
|
+
|
219
|
+
describe '#add_filter' do
|
220
|
+
|
221
|
+
it 'should add given block to @filters addressed by controller and action' do
|
222
|
+
block = Proc.new {}
|
223
|
+
@permission_service.add_filter(:comments, :create, &block)
|
224
|
+
filter_list = @permission_service.instance_variable_get(:@filters)[['comments', 'create']]
|
225
|
+
filter_list.count.should eq 1
|
226
|
+
filter_list.should include block
|
227
|
+
end
|
228
|
+
|
229
|
+
it 'should add given block to @filters addressed by controller and action when multiple given' do
|
230
|
+
block = Proc.new {}
|
231
|
+
@permission_service.add_filter([:comments, :posts], [:create, :update], &block)
|
232
|
+
@permission_service.instance_variable_get(:@filters)[['comments', 'create']].should include block
|
233
|
+
@permission_service.instance_variable_get(:@filters)[['comments', 'update']].should include block
|
234
|
+
@permission_service.instance_variable_get(:@filters)[['posts', 'create']].should include block
|
235
|
+
@permission_service.instance_variable_get(:@filters)[['posts', 'update']].should include block
|
236
|
+
end
|
237
|
+
|
238
|
+
it 'should add multiple blocks to @filters addressed by controller and action' do
|
239
|
+
block_1 = Proc.new { 'block 1' }
|
240
|
+
block_2 = Proc.new { 'block 2' }
|
241
|
+
@permission_service.add_filter(:comments, :create, &block_1)
|
242
|
+
@permission_service.add_filter(:comments, :create, &block_2)
|
243
|
+
filter_list = @permission_service.instance_variable_get(:@filters)[['comments', 'create']]
|
244
|
+
filter_list.count.should eq 2
|
245
|
+
filter_list.should include block_1
|
246
|
+
filter_list.should include block_2
|
247
|
+
end
|
248
|
+
|
249
|
+
it 'should rails exception when no block given' do
|
250
|
+
expect { @permission_service.add_filter(:comments, :index) }.to raise_error('no block given')
|
251
|
+
end
|
252
|
+
end
|
253
|
+
|
254
|
+
describe 'configure' do
|
255
|
+
|
256
|
+
it 'should call create on the given configurer class' do
|
257
|
+
@permission_service.stub(:current_user).and_return('current_user')
|
258
|
+
configurer_class = double('permission_configurer')
|
259
|
+
configurer_class.should_receive(:create).with(@permission_service, 'current_user')
|
260
|
+
@permission_service.configure(configurer_class)
|
261
|
+
end
|
262
|
+
end
|
263
|
+
end
|
data/spec/spec_helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,121 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: permissioner
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1.beta
|
5
|
+
prerelease: 6
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Daniel Grawunder, Christian Mierich
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2013-05-09 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: rspec
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '2.13'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ~>
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '2.13'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: activesupport
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ~>
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '3.2'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ~>
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '3.2'
|
46
|
+
- !ruby/object:Gem::Dependency
|
47
|
+
name: guard-rspec
|
48
|
+
requirement: !ruby/object:Gem::Requirement
|
49
|
+
none: false
|
50
|
+
requirements:
|
51
|
+
- - ~>
|
52
|
+
- !ruby/object:Gem::Version
|
53
|
+
version: 2.6.0
|
54
|
+
type: :development
|
55
|
+
prerelease: false
|
56
|
+
version_requirements: !ruby/object:Gem::Requirement
|
57
|
+
none: false
|
58
|
+
requirements:
|
59
|
+
- - ~>
|
60
|
+
- !ruby/object:Gem::Version
|
61
|
+
version: 2.6.0
|
62
|
+
description: A Ruby on Rails authorization gem
|
63
|
+
email:
|
64
|
+
- gramie.sw@gmail.com
|
65
|
+
executables: []
|
66
|
+
extensions: []
|
67
|
+
extra_rdoc_files: []
|
68
|
+
files:
|
69
|
+
- .gitignore
|
70
|
+
- .rspec
|
71
|
+
- CHANGELOG
|
72
|
+
- Gemfile
|
73
|
+
- Guardfile
|
74
|
+
- LICENSE.txt
|
75
|
+
- README.md
|
76
|
+
- Rakefile
|
77
|
+
- epl-v10.html
|
78
|
+
- lib/permissioner.rb
|
79
|
+
- lib/permissioner/controller_additions.rb
|
80
|
+
- lib/permissioner/exceptions.rb
|
81
|
+
- lib/permissioner/matchers.rb
|
82
|
+
- lib/permissioner/permission_configurer.rb
|
83
|
+
- lib/permissioner/permission_service_additions.rb
|
84
|
+
- lib/permissioner/railtie.rb
|
85
|
+
- lib/permissioner/version.rb
|
86
|
+
- permissioner.gemspec
|
87
|
+
- spec/permissioner/controller_additions_spec.rb
|
88
|
+
- spec/permissioner/matchers_spec.rb
|
89
|
+
- spec/permissioner/permission_configurer_spec.rb
|
90
|
+
- spec/permissioner/permission_service_additions_spec.rb
|
91
|
+
- spec/spec_helper.rb
|
92
|
+
homepage:
|
93
|
+
licenses: []
|
94
|
+
post_install_message:
|
95
|
+
rdoc_options: []
|
96
|
+
require_paths:
|
97
|
+
- lib
|
98
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
99
|
+
none: false
|
100
|
+
requirements:
|
101
|
+
- - ! '>='
|
102
|
+
- !ruby/object:Gem::Version
|
103
|
+
version: '0'
|
104
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
105
|
+
none: false
|
106
|
+
requirements:
|
107
|
+
- - ! '>'
|
108
|
+
- !ruby/object:Gem::Version
|
109
|
+
version: 1.3.1
|
110
|
+
requirements: []
|
111
|
+
rubyforge_project:
|
112
|
+
rubygems_version: 1.8.24
|
113
|
+
signing_key:
|
114
|
+
specification_version: 3
|
115
|
+
summary: An easy to use authorization solution for Ruby on Rails.
|
116
|
+
test_files:
|
117
|
+
- spec/permissioner/controller_additions_spec.rb
|
118
|
+
- spec/permissioner/matchers_spec.rb
|
119
|
+
- spec/permissioner/permission_configurer_spec.rb
|
120
|
+
- spec/permissioner/permission_service_additions_spec.rb
|
121
|
+
- spec/spec_helper.rb
|