polly-access_denied 0.0.1

data/MIT-LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 [name of plugin creator]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README

@@ -0,0 +1,13 @@
+Access Denied
+============
+
+Generators for adding simple authorization to nifty-autentication
+
+
+Example
+=======
+
+Comming soon...
+
+
+Copyright (c) 2009 Patrik Hedman, released under the MIT license

data/access_denied.gemspec

@@ -0,0 +1,41 @@
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{access_denied}
+  s.version = "0.0.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Patrik Hedman"]
+  s.date = %q{2009-07-03}
+  s.description = %q{Generators for adding simple authorization to nifty-autentication}
+  s.email = %q{patrik@moresale.se}
+  s.files = [
+     "MIT-LICENSE",
+     "README",
+     "access_denied.gemspec",
+     "generators/access_denied/access_denied_generator.rb",
+     "generators/access_denied/templates/access_denied.rb",
+     "generators/access_denied/templates/access_denied_config.yml",
+     "generators/access_denied/templates/add_roles_to_user_migration.rb",
+     "generators/access_denied/templates/application_controller_extensions.rb",
+     "generators/access_denied/templates/application_controller_extensions_test.rb",
+     "generators/access_denied/templates/user_extensions.rb",
+     "generators/access_denied/templates/user_extensions_test.rb",
+     "generators/access_denied/USAGE"
+  ]
+  s.homepage = %q{http://github.com/polly/access_denied}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.4}
+  s.summary = %q{Need to write one}
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
+    else
+    end
+  else
+  end
+end

data/generators/access_denied/USAGE

@@ -0,0 +1,8 @@
+Description:
+    Explain the generator
+
+Example:
+    ./script/generate access_denied Thing
+
+    This will create:
+        what/will/it/create

data/generators/access_denied/access_denied_generator.rb

@@ -0,0 +1,31 @@
+class AccessDeniedGenerator < Rails::Generator::Base
+  def manifest
+    record do |m|
+      # Create directory structure
+      m.directory "lib/access_denied"
+      m.directory "lib/access_denied/extensions"
+
+      # Library files:
+      m.template "access_denied.rb",                     "config/initializers/access_denied.rb"
+      m.template "application_controller_extensions.rb", "lib/access_denied/extensions/application_controller_extensions.rb"
+      m.template "user_extensions.rb",                   "lib/access_denied/extensions/user_extensions.rb"
+      m.template "add_roles_to_user_migration.rb",       "db/migrate/#{generate_migration_prefix}add_roles_to_user.rb"
+      m.template "access_denied_config.yml",             "config/access_denied_config.yml"
+
+      # Test files:
+      m.template "application_controller_extensions_test.rb", "test/functional/application_controller_extensions_test.rb"
+      m.template "user_extensions_test.rb", "test/unit/user_extensions_test.rb"
+    end
+  end
+
+  def generate_migration_prefix
+    year, month, day, hour, min, sec = DateTime.now.year, DateTime.now.month, DateTime.now.day, DateTime.now.hour, DateTime.now.min, DateTime.now.sec
+    month = "0#{month}" unless month > 10
+    day   = "0#{day}"   unless day   > 10
+    hour  = "0#{hour}"  unless hour  > 10
+    min   = "0#{min}"   unless min   > 10
+    sec   = "0#{sec}"   unless sec   > 10
+
+    "#{year}#{month}#{day}#{hour}#{min}#{sec}_"
+  end
+end

data/generators/access_denied/templates/access_denied.rb

@@ -0,0 +1,9 @@
+require 'ostruct'
+require 'yaml'
+
+raw_config           = File.read(RAILS_ROOT + "/config/access_denied_config.yml")
+config               = OpenStruct.new(YAML.load(raw_config))
+::AccessDeniedConfig = OpenStruct.new(config.send("roles"))
+
+require "#{RAILS_ROOT}/lib/access_denied/extensions/user_extensions"
+require "#{RAILS_ROOT}/lib/access_denied/extensions/application_controller_extensions"

data/generators/access_denied/templates/access_denied_config.yml

@@ -0,0 +1,4 @@
+roles:
+  admin:           1
+  privileged_user: 2
+  regular_user:    3

data/generators/access_denied/templates/add_roles_to_user_migration.rb

@@ -0,0 +1,9 @@
+class AddRolesToUser < ActiveRecord::Migration
+  def self.up
+    add_column :users, :role_type, :integer
+  end
+
+  def self.down
+    remove_column :users, :role_type
+  end
+end

data/generators/access_denied/templates/application_controller_extensions.rb

@@ -0,0 +1,36 @@
+module Authorizer
+  def self.included(controller)
+    controller.send :include, InstanceMethods
+    controller.extend ClassMethods
+  end
+
+  module InstanceMethods
+    def authorized?(*roles)
+      if current_user
+        unless valid_user?(*roles)
+          session[:user_id] = nil
+          login_required
+        end
+      else
+        login_required
+      end
+    end
+
+    def valid_user?(*roles)
+      statement = returning [] do |s|
+        roles.each { |role| s << current_user.send("#{role}?") }
+      end.join(" || ")
+
+      return eval(statement)
+    end
+  end
+
+  module ClassMethods
+    def ensure_role(*args)
+      actions, roles = args.extract_options!, args
+      before_filter(actions) { |c| c.authorized? *roles }
+    end
+  end
+end
+
+ActionController::Base.send(:include, Authorizer)

data/generators/access_denied/templates/application_controller_extensions_test.rb

@@ -0,0 +1,100 @@
+require 'test_helper'
+
+class ApplicationControllerExtensionsTest < ActionController::TestCase
+  test "unprotected actions should render just fine" do
+    
+    class ::UnprotectedIndexController < ApplicationController
+      access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+      ensure_role access_denied_config.first, :except => [ :index ]
+      
+      def index 
+        render :text => "Unprotected#index"
+      end
+    end
+    @controller = ::UnprotectedIndexController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :unprotected_index
+    end
+    
+    get :index
+    assert_response 200
+  end
+
+  test "protected actions should result in a redirect" do
+    class ::ProtectedIndexController < ApplicationController
+      access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+      ensure_role access_denied_config.first, :only => [ :index ]
+      
+      def index 
+        render :text => "Protected#index"
+      end
+    end
+    @controller = ::ProtectedIndexController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :protected_index
+    end
+    
+    get :index
+    assert_redirected_to login_path
+  end
+
+  test "user with required role should see protected actions" do
+    class ::IndexForAdminController < ApplicationController
+      access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+      ensure_role access_denied_config.first, :only => [ :index ]
+      
+      def index
+        render :text => "Protected#show"
+      end
+    end
+    @controller = ::IndexForAdminController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :index_for_admin
+    end
+    
+    access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+    user = User.new(:username => "test_user", :role_type => ::AccessDeniedConfig.send(access_denied_config.first), :email => "test@user.com", :password => "secret", :password_confirmation => "secret")
+    user.save
+    
+    @request.session[:user_id] = user.id
+
+    get :index
+    assert_response :success
+  end
+
+  test "user without required role should not see protected actions" do
+    class ::IndexForNonAdminController < ApplicationController
+      access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+      ensure_role access_denied_config.first, :only => [ :index ]
+      
+      def index
+        render :text => "Protected#show"
+      end
+    end
+    @controller = ::IndexForNonAdminController.new
+    @request    = ActionController::TestRequest.new
+    @response   = ActionController::TestResponse.new
+
+    ActionController::Routing::Routes.draw do |map|
+      map.resources :index_for_non_admin
+    end
+    
+    access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort 
+    user = User.new(:username => "test_user", :role_type => AccessDeniedConfig.send(access_denied_config.last), :email => "test@user.com", :password => "secret", :password_confirmation => "secret")
+    user.save
+    
+    @request.session[:user_id] = user.id
+
+    get :index
+    assert_redirected_to login_url
+  end
+end

data/generators/access_denied/templates/user_extensions.rb

@@ -0,0 +1,15 @@
+module UserExtensions
+
+  def self.included(klass)
+    klass.send :include, InstanceMethods
+  end
+
+  module InstanceMethods
+    access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
+    access_denied_config.each do |method_name|
+      define_method "#{method_name}?" do
+        self.role_type == ::AccessDeniedConfig.send(method_name)
+      end
+    end
+  end
+end

data/generators/access_denied/templates/user_extensions_test.rb

@@ -0,0 +1,23 @@
+require 'test_helper'
+
+class UserExtensionsTest < ActiveSupport::TestCase
+  access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
+
+  access_denied_config.each do |method_name|
+    define_method "test_#{method_name}_for_#{method_name}_should_return_true" do
+      user = User.new
+      user.role_type = AccessDeniedConfig.send(method_name)
+
+      assert_equal true, user.send("#{method_name}?")
+    end
+
+    access_denied_config.reject { |item| item == method_name }.each do |name|
+        define_method "test_#{name}_for_#{method_name}_should_return_false" do
+          user = User.new
+          user.role_type = AccessDeniedConfig.send(method_name)
+
+          assert_equal false, user.send("#{name}?")
+        end
+      end
+  end
+end

metadata

@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification 
+name: polly-access_denied
+version: !ruby/object:Gem::Version 
+  version: 0.0.1
+platform: ruby
+authors: 
+- Patrik Hedman
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2009-07-03 00:00:00 -07:00
+default_executable: 
+dependencies: []
+
+description: Generators for adding simple authorization to nifty-autentication
+email: patrik@moresale.se
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- MIT-LICENSE
+- README
+- access_denied.gemspec
+- generators/access_denied/access_denied_generator.rb
+- generators/access_denied/templates/access_denied.rb
+- generators/access_denied/templates/access_denied_config.yml
+- generators/access_denied/templates/add_roles_to_user_migration.rb
+- generators/access_denied/templates/application_controller_extensions.rb
+- generators/access_denied/templates/application_controller_extensions_test.rb
+- generators/access_denied/templates/user_extensions.rb
+- generators/access_denied/templates/user_extensions_test.rb
+- generators/access_denied/USAGE
+has_rdoc: false
+homepage: http://github.com/polly/access_denied
+licenses: 
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      version: "0"
+  version: 
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.5
+signing_key: 
+specification_version: 3
+summary: Need to write one
+test_files: []
+