polly-access_denied 0.0.1
- data/MIT-LICENSE +20 -0
- data/README +13 -0
- data/access_denied.gemspec +41 -0
- data/generators/access_denied/USAGE +8 -0
- data/generators/access_denied/access_denied_generator.rb +31 -0
- data/generators/access_denied/templates/access_denied.rb +9 -0
- data/generators/access_denied/templates/access_denied_config.yml +4 -0
- data/generators/access_denied/templates/add_roles_to_user_migration.rb +9 -0
- data/generators/access_denied/templates/application_controller_extensions.rb +36 -0
- data/generators/access_denied/templates/application_controller_extensions_test.rb +100 -0
- data/generators/access_denied/templates/user_extensions.rb +15 -0
- data/generators/access_denied/templates/user_extensions_test.rb +23 -0
- metadata +65 -0
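--- a/data/MIT-LICENSE
+++ b/data/MIT-LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2009 [name of plugin creator]
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.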
data/README
ADDED
@@ -0,0 +1,41 @@
|
|
1
|
+
# -*- encoding: utf-8 -*-
|
2
|
+
|
3
|
+
Gem::Specification.new do |s|
|
4
|
+
s.name = %q{access_denied}
|
5
|
+
s.version = "0.0.1"
|
6
|
+
|
7
|
+
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
8
|
+
s.authors = ["Patrik Hedman"]
|
9
|
+
s.date = %q{2009-07-03}
|
10
|
+
s.description = %q{Generators for adding simple authorization to nifty-autentication}
|
11
|
+
s.email = %q{patrik@moresale.se}
|
12
|
+
s.files = [
|
13
|
+
"MIT-LICENSE",
|
14
|
+
"README",
|
15
|
+
"access_denied.gemspec",
|
16
|
+
"generators/access_denied/access_denied_generator.rb",
|
17
|
+
"generators/access_denied/templates/access_denied.rb",
|
18
|
+
"generators/access_denied/templates/access_denied_config.yml",
|
19
|
+
"generators/access_denied/templates/add_roles_to_user_migration.rb",
|
20
|
+
"generators/access_denied/templates/application_controller_extensions.rb",
|
21
|
+
"generators/access_denied/templates/application_controller_extensions_test.rb",
|
22
|
+
"generators/access_denied/templates/user_extensions.rb",
|
23
|
+
"generators/access_denied/templates/user_extensions_test.rb",
|
24
|
+
"generators/access_denied/USAGE"
|
25
|
+
]
|
26
|
+
s.homepage = %q{http://github.com/polly/access_denied}
|
27
|
+
s.rdoc_options = ["--charset=UTF-8"]
|
28
|
+
s.require_paths = ["lib"]
|
29
|
+
s.rubygems_version = %q{1.3.4}
|
30
|
+
s.summary = %q{Need to write one}
|
31
|
+
|
32
|
+
if s.respond_to? :specification_version then
|
33
|
+
current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
|
34
|
+
s.specification_version = 3
|
35
|
+
|
36
|
+
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
37
|
+
else
|
38
|
+
end
|
39
|
+
else
|
40
|
+
end
|
41
|
+
end
|
@@ -0,0 +1,31 @@
|
|
1
|
+
class AccessDeniedGenerator < Rails::Generator::Base
|
2
|
+
def manifest
|
3
|
+
record do |m|
|
4
|
+
# Create directory structure
|
5
|
+
m.directory "lib/access_denied"
|
6
|
+
m.directory "lib/access_denied/extensions"
|
7
|
+
|
8
|
+
# Library files:
|
9
|
+
m.template "access_denied.rb", "config/initializers/access_denied.rb"
|
10
|
+
m.template "application_controller_extensions.rb", "lib/access_denied/extensions/application_controller_extensions.rb"
|
11
|
+
m.template "user_extensions.rb", "lib/access_denied/extensions/user_extensions.rb"
|
12
|
+
m.template "add_roles_to_user_migration.rb", "db/migrate/#{generate_migration_prefix}add_roles_to_user.rb"
|
13
|
+
m.template "access_denied_config.yml", "config/access_denied_config.yml"
|
14
|
+
|
15
|
+
# Test files:
|
16
|
+
m.template "application_controller_extensions_test.rb", "test/functional/application_controller_extensions_test.rb"
|
17
|
+
m.template "user_extensions_test.rb", "test/unit/user_extensions_test.rb"
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
def generate_migration_prefix
|
22
|
+
year, month, day, hour, min, sec = DateTime.now.year, DateTime.now.month, DateTime.now.day, DateTime.now.hour, DateTime.now.min, DateTime.now.sec
|
23
|
+
month = "0#{month}" unless month > 10
|
24
|
+
day = "0#{day}" unless day > 10
|
25
|
+
hour = "0#{hour}" unless hour > 10
|
26
|
+
min = "0#{min}" unless min > 10
|
27
|
+
sec = "0#{sec}" unless sec > 10
|
28
|
+
|
29
|
+
"#{year}#{month}#{day}#{hour}#{min}#{sec}_"
|
30
|
+
end
|
31
|
+
end
|
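Review bot: In `generate_migration_prefix` the padding guards read `unless month > 10` (and the same for day, hour, min and sec), so a value of exactly 10 is padded to `010` and the prefix grows to 15 digits, which is then read as a much larger migration version than any normal 14-digit one. The six separate `DateTime.now` calls can also straddle a second or minute boundary, and they yield local time where Rails' own timestamped migrations use UTC. A single formatted read avoids all three: `Time.now.utc.strftime("%Y%m%d%H%M%S_")`. The generator's `m.migration_template` would also supply the version prefix without this helper.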
@@ -0,0 +1,9 @@
|
|
1
|
+
require 'ostruct'
|
2
|
+
require 'yaml'
|
3
|
+
|
4
|
+
raw_config = File.read(RAILS_ROOT + "/config/access_denied_config.yml")
|
5
|
+
config = OpenStruct.new(YAML.load(raw_config))
|
6
|
+
::AccessDeniedConfig = OpenStruct.new(config.send("roles"))
|
7
|
+
|
8
|
+
require "#{RAILS_ROOT}/lib/access_denied/extensions/user_extensions"
|
9
|
+
require "#{RAILS_ROOT}/lib/access_denied/extensions/application_controller_extensions"
|
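Review bot: `OpenStruct.new(config.send("roles"))` accepts a nil argument, so a config file without a top-level `roles` key produces an empty `AccessDeniedConfig` with no error at boot, and the problem only surfaces later when the role predicates are missing. An authorization initializer should fail at load time instead, for example `roles = YAML.load(raw_config).fetch("roles")` before building the struct. `YAML.load` on this file can also instantiate tagged Ruby objects; the file is application-owned, so the exposure is limited to whoever can edit it, but `YAML.safe_load` is the better default where the Ruby version provides it.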
@@ -0,0 +1,36 @@
|
|
1
|
+
module Authorizer
|
2
|
+
def self.included(controller)
|
3
|
+
controller.send :include, InstanceMethods
|
4
|
+
controller.extend ClassMethods
|
5
|
+
end
|
6
|
+
|
7
|
+
module InstanceMethods
|
8
|
+
def authorized?(*roles)
|
9
|
+
if current_user
|
10
|
+
unless valid_user?(*roles)
|
11
|
+
session[:user_id] = nil
|
12
|
+
login_required
|
13
|
+
end
|
14
|
+
else
|
15
|
+
login_required
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
def valid_user?(*roles)
|
20
|
+
statement = returning [] do |s|
|
21
|
+
roles.each { |role| s << current_user.send("#{role}?") }
|
22
|
+
end.join(" || ")
|
23
|
+
|
24
|
+
return eval(statement)
|
25
|
+
end
|
26
|
+
end
|
27
|
+
|
28
|
+
module ClassMethods
|
29
|
+
def ensure_role(*args)
|
30
|
+
actions, roles = args.extract_options!, args
|
31
|
+
before_filter(actions) { |c| c.authorized? *roles }
|
32
|
+
end
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
36
|
+
ActionController::Base.send(:include, Authorizer)
|
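Review bot: `valid_user?` converts each predicate result to text, joins the pieces with ` || ` and passes the string to `eval`, so the return value of every `role?` method is executed as Ruby source; that is only safe while each predicate returns a literal `true` or `false`, and a predicate returning a string or other object would have its `to_s` evaluated. The same decision needs no `eval`: `roles.any? { |role| current_user.send("#{role}?") }`. Separately, `authorized?` is named as a predicate but clears `session[:user_id]` and calls `login_required`, which signs out a logged-in user on any role mismatch; a comment above it such as `# Side effect: resets the session when the current user has none of the listed roles` would make that visible to callers. `current_user` and `login_required` are not defined in this hunk.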
@@ -0,0 +1,100 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class ApplicationControllerExtensionsTest < ActionController::TestCase
|
4
|
+
test "unprotected actions should render just fine" do
|
5
|
+
|
6
|
+
class ::UnprotectedIndexController < ApplicationController
|
7
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
8
|
+
ensure_role access_denied_config.first, :except => [ :index ]
|
9
|
+
|
10
|
+
def index
|
11
|
+
render :text => "Unprotected#index"
|
12
|
+
end
|
13
|
+
end
|
14
|
+
@controller = ::UnprotectedIndexController.new
|
15
|
+
@request = ActionController::TestRequest.new
|
16
|
+
@response = ActionController::TestResponse.new
|
17
|
+
|
18
|
+
ActionController::Routing::Routes.draw do |map|
|
19
|
+
map.resources :unprotected_index
|
20
|
+
end
|
21
|
+
|
22
|
+
get :index
|
23
|
+
assert_response 200
|
24
|
+
end
|
25
|
+
|
26
|
+
test "protected actions should result in a redirect" do
|
27
|
+
class ::ProtectedIndexController < ApplicationController
|
28
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
29
|
+
ensure_role access_denied_config.first, :only => [ :index ]
|
30
|
+
|
31
|
+
def index
|
32
|
+
render :text => "Protected#index"
|
33
|
+
end
|
34
|
+
end
|
35
|
+
@controller = ::ProtectedIndexController.new
|
36
|
+
@request = ActionController::TestRequest.new
|
37
|
+
@response = ActionController::TestResponse.new
|
38
|
+
|
39
|
+
ActionController::Routing::Routes.draw do |map|
|
40
|
+
map.resources :protected_index
|
41
|
+
end
|
42
|
+
|
43
|
+
get :index
|
44
|
+
assert_redirected_to login_path
|
45
|
+
end
|
46
|
+
|
47
|
+
test "user with required role should see protected actions" do
|
48
|
+
class ::IndexForAdminController < ApplicationController
|
49
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
50
|
+
ensure_role access_denied_config.first, :only => [ :index ]
|
51
|
+
|
52
|
+
def index
|
53
|
+
render :text => "Protected#show"
|
54
|
+
end
|
55
|
+
end
|
56
|
+
@controller = ::IndexForAdminController.new
|
57
|
+
@request = ActionController::TestRequest.new
|
58
|
+
@response = ActionController::TestResponse.new
|
59
|
+
|
60
|
+
ActionController::Routing::Routes.draw do |map|
|
61
|
+
map.resources :index_for_admin
|
62
|
+
end
|
63
|
+
|
64
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
65
|
+
user = User.new(:username => "test_user", :role_type => ::AccessDeniedConfig.send(access_denied_config.first), :email => "test@user.com", :password => "secret", :password_confirmation => "secret")
|
66
|
+
user.save
|
67
|
+
|
68
|
+
@request.session[:user_id] = user.id
|
69
|
+
|
70
|
+
get :index
|
71
|
+
assert_response :success
|
72
|
+
end
|
73
|
+
|
74
|
+
test "user without required role should not see protected actions" do
|
75
|
+
class ::IndexForNonAdminController < ApplicationController
|
76
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
77
|
+
ensure_role access_denied_config.first, :only => [ :index ]
|
78
|
+
|
79
|
+
def index
|
80
|
+
render :text => "Protected#show"
|
81
|
+
end
|
82
|
+
end
|
83
|
+
@controller = ::IndexForNonAdminController.new
|
84
|
+
@request = ActionController::TestRequest.new
|
85
|
+
@response = ActionController::TestResponse.new
|
86
|
+
|
87
|
+
ActionController::Routing::Routes.draw do |map|
|
88
|
+
map.resources :index_for_non_admin
|
89
|
+
end
|
90
|
+
|
91
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
92
|
+
user = User.new(:username => "test_user", :role_type => AccessDeniedConfig.send(access_denied_config.last), :email => "test@user.com", :password => "secret", :password_confirmation => "secret")
|
93
|
+
user.save
|
94
|
+
|
95
|
+
@request.session[:user_id] = user.id
|
96
|
+
|
97
|
+
get :index
|
98
|
+
assert_redirected_to login_url
|
99
|
+
end
|
100
|
+
end
|
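Review bot: In the two tests that sign a user in, the result of `user.save` is ignored, so a failed validation leaves `user.id` nil and `@request.session[:user_id]` is set to nil; the "user without required role" test would then still pass, because an anonymous request is redirected to login as well, without the role check ever running. Use `user.save!` (or `assert user.save`) so a broken record fails the test instead of weakening it. That test also takes the non-matching role from `access_denied_config.last`, which is the same entry as `.first` when only one role is configured; `assert_not_equal access_denied_config.first, access_denied_config.last` at the top of the test would make that precondition explicit.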
@@ -0,0 +1,15 @@
|
|
1
|
+
module UserExtensions
|
2
|
+
|
3
|
+
def self.included(klass)
|
4
|
+
klass.send :include, InstanceMethods
|
5
|
+
end
|
6
|
+
|
7
|
+
module InstanceMethods
|
8
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
9
|
+
access_denied_config.each do |method_name|
|
10
|
+
define_method "#{method_name}?" do
|
11
|
+
self.role_type == ::AccessDeniedConfig.send(method_name)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
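Review bot: Each generated predicate compares `self.role_type == ::AccessDeniedConfig.send(method_name)`, so a role whose configured value is nil (an empty value in the YAML file) matches every user whose `role_type` is nil and grants that role to users with no role set. A guard keeps the comparison fail-closed: `!role_type.nil? && role_type == ::AccessDeniedConfig.send(method_name)`. The role list itself comes from `::AccessDeniedConfig.methods(false)` filtered with `item.include?("=")`, which depends on OpenStruct defining a singleton method per key and on method names being Strings; that appears to hold only on older Rubies, so iterating the keys of the loaded `roles` hash would be more robust. The config template's contents are not shown on this page, so whether a nil value can occur there is unconfirmed.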
@@ -0,0 +1,23 @@
|
|
1
|
+
require 'test_helper'
|
2
|
+
|
3
|
+
class UserExtensionsTest < ActiveSupport::TestCase
|
4
|
+
access_denied_config = ::AccessDeniedConfig.methods(false).reject { |item| item.include?("=") }.sort
|
5
|
+
|
6
|
+
access_denied_config.each do |method_name|
|
7
|
+
define_method "test_#{method_name}_for_#{method_name}_should_return_true" do
|
8
|
+
user = User.new
|
9
|
+
user.role_type = AccessDeniedConfig.send(method_name)
|
10
|
+
|
11
|
+
assert_equal true, user.send("#{method_name}?")
|
12
|
+
end
|
13
|
+
|
14
|
+
access_denied_config.reject { |item| item == method_name }.each do |name|
|
15
|
+
define_method "test_#{name}_for_#{method_name}_should_return_false" do
|
16
|
+
user = User.new
|
17
|
+
user.role_type = AccessDeniedConfig.send(method_name)
|
18
|
+
|
19
|
+
assert_equal false, user.send("#{name}?")
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
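--- a/metadata
+++ b/metadata
@@ -0,0 +1,65 @@
+--- !ruby/object:Gem::Specification
+name: polly-access_denied
+version: !ruby/object:Gem::Version
+version: 0.0.1
+platform: ruby
+authors:
+- Patrik Hedman
+autorequire:
+bindir: bin
+cert_chain: []
+
+date: 2009-07-03 00:00:00 -07:00
+default_executable:
+dependencies: []
+
+description: Generators for adding simple authorization to nifty-autentication
+email: patrik@moresale.se
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files:
+- MIT-LICENSE
+- README
+- access_denied.gemspec
+- generators/access_denied/access_denied_generator.rb
+- generators/access_denied/templates/access_denied.rb
+- generators/access_denied/templates/access_denied_config.yml
+- generators/access_denied/templates/add_roles_to_user_migration.rb
+- generators/access_denied/templates/application_controller_extensions.rb
+- generators/access_denied/templates/application_controller_extensions_test.rb
+- generators/access_denied/templates/user_extensions.rb
+- generators/access_denied/templates/user_extensions_test.rb
+- generators/access_denied/USAGE
+has_rdoc: false
+homepage: http://github.com/polly/access_denied
+licenses:
+post_install_message:
+rdoc_options:
+- --charset=UTF-8
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: "0"
+version:
+requirements: []
+
+rubyforge_project:
+rubygems_version: 1.3.5
+signing_key:
+specification_version: 3
+summary: Need to write one
+test_files: []
+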