rails-doorman 0.1.0
- data/LICENSE +21 -0
- data/README.rdoc +94 -0
- data/Rakefile +89 -0
- data/features/doorman.feature +99 -0
- data/features/step_definitions/common_steps.rb +25 -0
- data/features/step_definitions/webrat_steps.rb +115 -0
- data/features/support/authorized_matcher.rb +29 -0
- data/features/support/env.rb +16 -0
- data/features/support/paths.rb +19 -0
- data/features/support/unauthorized_matcher.rb +29 -0
- data/lib/doorman.rb +111 -0
- data/lib/doorman/helpers.rb +17 -0
- data/lib/doorman/rule.rb +59 -0
- data/rails/init.rb +1 -0
- data/spec/fixtures/app/README +243 -0
- data/spec/fixtures/app/Rakefile +10 -0
- data/spec/fixtures/app/app/controllers/access_control_by_host_controller.rb +5 -0
- data/spec/fixtures/app/app/controllers/access_control_by_user_agent_controller.rb +4 -0
- data/spec/fixtures/app/app/controllers/allow_all_by_default_controller.rb +2 -0
- data/spec/fixtures/app/app/controllers/allowed_and_denied_roles_controller.rb +4 -0
- data/spec/fixtures/app/app/controllers/allowed_and_denied_users_controller.rb +4 -0
- data/spec/fixtures/app/app/controllers/allowed_role_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/allowed_role_with_only_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/allowed_user_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/application_controller.rb +37 -0
- data/spec/fixtures/app/app/controllers/denied_role_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/denied_user_controller.rb +4 -0
- data/spec/fixtures/app/app/controllers/deny_all_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/explicitly_allow_all_controller.rb +3 -0
- data/spec/fixtures/app/app/controllers/test_controller.rb +4 -0
- data/spec/fixtures/app/app/controllers/view_helpers_controller.rb +4 -0
- data/spec/fixtures/app/app/helpers/application_helper.rb +3 -0
- data/spec/fixtures/app/app/models/user.rb +7 -0
- data/spec/fixtures/app/app/views/layouts/application.html.erb +8 -0
- data/spec/fixtures/app/app/views/view_helpers/allow_via_role.html.erb +3 -0
- data/spec/fixtures/app/app/views/view_helpers/deny_via_role.html.erb +3 -0
- data/spec/fixtures/app/config/boot.rb +110 -0
- data/spec/fixtures/app/config/environment.rb +41 -0
- data/spec/fixtures/app/config/environments/development.rb +0 -0
- data/spec/fixtures/app/config/environments/production.rb +0 -0
- data/spec/fixtures/app/config/environments/test.rb +31 -0
- data/spec/fixtures/app/config/initializers/backtrace_silencers.rb +7 -0
- data/spec/fixtures/app/config/initializers/inflections.rb +10 -0
- data/spec/fixtures/app/config/initializers/mime_types.rb +5 -0
- data/spec/fixtures/app/config/initializers/new_rails_defaults.rb +19 -0
- data/spec/fixtures/app/config/initializers/session_store.rb +15 -0
- data/spec/fixtures/app/config/locales/en.yml +5 -0
- data/spec/fixtures/app/config/routes.rb +43 -0
- data/spec/fixtures/app/db/foo.txt +0 -0
- data/spec/fixtures/app/doc/README_FOR_APP +2 -0
- data/spec/fixtures/app/log/test.log +11988 -0
- data/spec/fixtures/app/public/404.html +30 -0
- data/spec/fixtures/app/public/422.html +30 -0
- data/spec/fixtures/app/public/500.html +30 -0
- data/spec/fixtures/app/public/favicon.ico +0 -0
- data/spec/fixtures/app/public/images/rails.png +0 -0
- data/spec/fixtures/app/public/javascripts/application.js +2 -0
- data/spec/fixtures/app/public/javascripts/controls.js +963 -0
- data/spec/fixtures/app/public/javascripts/dragdrop.js +973 -0
- data/spec/fixtures/app/public/javascripts/effects.js +1128 -0
- data/spec/fixtures/app/public/javascripts/prototype.js +4320 -0
- data/spec/fixtures/app/public/robots.txt +5 -0
- data/spec/fixtures/app/script/about +4 -0
- data/spec/fixtures/app/script/console +3 -0
- data/spec/fixtures/app/script/dbconsole +3 -0
- data/spec/fixtures/app/script/destroy +3 -0
- data/spec/fixtures/app/script/generate +3 -0
- data/spec/fixtures/app/script/performance/benchmarker +3 -0
- data/spec/fixtures/app/script/performance/profiler +3 -0
- data/spec/fixtures/app/script/plugin +3 -0
- data/spec/fixtures/app/script/runner +3 -0
- data/spec/fixtures/app/script/server +3 -0
- data/spec/fixtures/app/test/performance/browsing_test.rb +9 -0
- data/spec/fixtures/app/test/test_helper.rb +38 -0
- data/spec/fixtures/app/vendor/plugins/doorman/init.rb +1 -0
- data/spec/rails_doorman/class_methods_spec.rb +49 -0
- data/spec/rails_doorman/rule_spec.rb +120 -0
- data/spec/spec_helper.rb +15 -0
- metadata +225 -0
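--- a/data/spec/fixtures/app/Rakefile
+++ b/data/spec/fixtures/app/Rakefile
@@ -0,0 +1,10 @@
+# Add your own tasks in files placed in lib/tasks ending in .rake,
+# for example lib/tasks/capistrano.rake, and they will automatically be available to Rake.
+
+require(File.join(File.dirname(__FILE__), 'config', 'boot'))
+
+require 'rake'
+require 'rake/testtask'
+require 'rake/rdoctask'
+
+require 'tasks/rails'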
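--- a/data/spec/fixtures/app/app/controllers/application_controller.rb
+++ b/data/spec/fixtures/app/app/controllers/application_controller.rb
@@ -0,0 +1,37 @@
+# Filters added to this controller apply to all controllers in the application.
+# Likewise, all the methods added will be available for all controllers.
+
+class ApplicationController < ActionController::Base
+helper :all # include all helpers, all the time
+protect_from_forgery # See ActionController::RequestForgeryProtection for details
+filter_parameter_logging :password
+
+helper_method :current_user
+
+def self.nil_current_user
+self.current_user = nil
+end
+
+def self.reset_current_user
+self.current_user ||= User.new
+self.current_user.reset
+end
+
+protected
+cattr_accessor :current_user
+self.current_user ||= User.new
+
+
+def rescue_action_in_public(exception)
+case exception
+when Doorman::InvalidRule
+render :text => 'Invalid Rule', :status => '500 Internal Server Error'
+when Doorman::Unauthorized
+render :text => 'Unauthorized', :status => '401 Unauthorized'
+else
+super(exception)
+end
+end
+
+alias :rescue_action_locally :rescue_action_in_public
+end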
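Review bot: `cattr_accessor :current_user` (line 21) keeps the user in a class-level variable, so every request and thread served by the process shares one user object, and `nil_current_user` / `reset_current_user` change it for all of them at once. That works for a fixture driven by the feature steps, but nothing in the file says so, and a reader copying this controller as a doorman integration example would get one request's identity applied to another. I would add a comment above it, e.g. `# Test fixture only: process-wide current_user; a real app must resolve the user per request.` Separately, the `Doorman::Unauthorized` branch answers `401 Unauthorized` without a `WWW-Authenticate` challenge; if the rule is rejecting an already identified user, `403 Forbidden` is presumably the more accurate status.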
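--- a/data/spec/fixtures/app/config/boot.rb
+++ b/data/spec/fixtures/app/config/boot.rb
@@ -0,0 +1,110 @@
+# Don't change this file!
+# Configure your app in config/environment.rb and config/environments/*.rb
+
+RAILS_ROOT = "#{File.dirname(__FILE__)}/.." unless defined?(RAILS_ROOT)
+
+module Rails
+class << self
+def boot!
+unless booted?
+preinitialize
+pick_boot.run
+end
+end
+
+def booted?
+defined? Rails::Initializer
+end
+
+def pick_boot
+(vendor_rails? ? VendorBoot : GemBoot).new
+end
+
+def vendor_rails?
+File.exist?("#{RAILS_ROOT}/vendor/rails")
+end
+
+def preinitialize
+load(preinitializer_path) if File.exist?(preinitializer_path)
+end
+
+def preinitializer_path
+"#{RAILS_ROOT}/config/preinitializer.rb"
+end
+end
+
+class Boot
+def run
+load_initializer
+Rails::Initializer.run(:set_load_path)
+end
+end
+
+class VendorBoot < Boot
+def load_initializer
+require "#{RAILS_ROOT}/vendor/rails/railties/lib/initializer"
+Rails::Initializer.run(:install_gem_spec_stubs)
+Rails::GemDependency.add_frozen_gem_path
+end
+end
+
+class GemBoot < Boot
+def load_initializer
+self.class.load_rubygems
+load_rails_gem
+require 'initializer'
+end
+
+def load_rails_gem
+if version = self.class.gem_version
+gem 'rails', version
+else
+gem 'rails'
+end
+rescue Gem::LoadError => load_error
+$stderr.puts %(Missing the Rails #{version} gem. Please `gem install -v=#{version} rails`, update your RAILS_GEM_VERSION setting in config/environment.rb for the Rails version you do have installed, or comment out RAILS_GEM_VERSION to use the latest version installed.)
+exit 1
+end
+
+class << self
+def rubygems_version
+Gem::RubyGemsVersion rescue nil
+end
+
+def gem_version
+if defined? RAILS_GEM_VERSION
+RAILS_GEM_VERSION
+elsif ENV.include?('RAILS_GEM_VERSION')
+ENV['RAILS_GEM_VERSION']
+else
+parse_gem_version(read_environment_rb)
+end
+end
+
+def load_rubygems
+require 'rubygems'
+min_version = '1.3.1'
+unless rubygems_version >= min_version
+$stderr.puts %Q(Rails requires RubyGems >= #{min_version} (you have #{rubygems_version}). Please `gem update --system` and try again.)
+exit 1
+end
+
+rescue LoadError
+$stderr.puts %Q(Rails requires RubyGems >= #{min_version}. Please install RubyGems and try again: http://rubygems.rubyforge.org)
+exit 1
+end
+
+def parse_gem_version(text)
+$1 if text =~ /^[^#]*RAILS_GEM_VERSION\s*=\s*["']([!~<>=]*\s*[\d.]+)["']/
+end
+
+private
+def read_environment_rb
+File.read("#{RAILS_ROOT}/config/environment.rb")
+end
+end
+end
+end
+
+# All that for this:
+Rails.boot!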
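--- a/data/spec/fixtures/app/config/environment.rb
+++ b/data/spec/fixtures/app/config/environment.rb
@@ -0,0 +1,41 @@
+# Be sure to restart your server when you modify this file
+
+# Specifies gem version of Rails to use when vendor/rails is not present
+RAILS_GEM_VERSION = '2.3.5' unless defined? RAILS_GEM_VERSION
+
+# Bootstrap the Rails environment, frameworks, and default configuration
+require File.join(File.dirname(__FILE__), 'boot')
+
+Rails::Initializer.run do |config|
+# Settings in config/environments/* take precedence over those specified here.
+# Application configuration should go into files in config/initializers
+# -- all .rb files in that directory are automatically loaded.
+
+# Add additional load paths for your own custom dirs
+# config.load_paths += %W( #{RAILS_ROOT}/extras )
+
+# Specify gems that this application depends on and have them installed with rake gems:install
+# config.gem "bj"
+# config.gem "hpricot", :version => '0.6', :source => "http://code.whytheluckystiff.net"
+# config.gem "sqlite3-ruby", :lib => "sqlite3"
+# config.gem "aws-s3", :lib => "aws/s3"
+
+# Only load the plugins named here, in the order given (default is alphabetical).
+# :all can be used as a placeholder for all plugins not explicitly named
+# config.plugins = [ :exception_notification, :ssl_requirement, :all ]
+
+# Skip frameworks you're not going to use. To use Rails without a database,
+# you must remove the Active Record framework.
+config.frameworks -= [ :active_record, :active_resource, :action_mailer ]
+
+# Activate observers that should always be running
+#config.active_record.observers = :cacher, :garbage_collector, :forum_observer
+
+# Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
+# Run "rake -D time" for a list of tasks for finding time zone names.
+config.time_zone = 'UTC'
+
+# The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
+# config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}')]
+# config.i18n.default_locale = :de
+end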
File without changes
|
File without changes
|
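--- a/data/spec/fixtures/app/config/environments/test.rb
+++ b/data/spec/fixtures/app/config/environments/test.rb
@@ -0,0 +1,31 @@
+config.gem "rspec", :lib => false, :version => ">= 1.2.0"
+config.gem "rspec-rails", :lib => false, :version => ">= 1.2.0"
+
+# Settings specified here will take precedence over those in config/environment.rb
+
+# The test environment is used exclusively to run your application's
+# test suite. You never need to work with it otherwise. Remember that
+# your test database is "scratch space" for the test suite and is wiped
+# and recreated between test runs. Don't rely on the data there!
+#config.cache_classes = true
+
+# Log error messages when you accidentally call methods on nil.
+config.whiny_nils = true
+
+# Show full error reports and disable caching
+config.action_controller.consider_all_requests_local = true
+config.action_controller.perform_caching = false
+#config.action_view.cache_template_loading = true
+
+# Disable request forgery protection in test environment
+config.action_controller.allow_forgery_protection = false
+
+# Tell Action Mailer not to deliver emails to the real world.
+# The :test delivery method accumulates sent emails in the
+# ActionMailer::Base.deliveries array.
+#config.action_mailer.delivery_method = :test
+
+# Use SQL instead of Active Record's schema dumper when creating the test database.
+# This is necessary if your schema can't be completely dumped by the schema dumper,
+# like if you have constraints or database-specific column types
+# config.active_record.schema_format = :sql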
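--- a/data/spec/fixtures/app/config/initializers/backtrace_silencers.rb
+++ b/data/spec/fixtures/app/config/initializers/backtrace_silencers.rb
@@ -0,0 +1,7 @@
+# Be sure to restart your server when you modify this file.
+
+# You can add backtrace silencers for libraries that you're using but don't wish to see in your backtraces.
+# Rails.backtrace_cleaner.add_silencer { |line| line =~ /my_noisy_library/ }
+
+# You can also remove all the silencers if you're trying do debug a problem that might steem from framework code.
+# Rails.backtrace_cleaner.remove_silencers!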
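--- a/data/spec/fixtures/app/config/initializers/inflections.rb
+++ b/data/spec/fixtures/app/config/initializers/inflections.rb
@@ -0,0 +1,10 @@
+# Be sure to restart your server when you modify this file.
+
+# Add new inflection rules using the following format
+# (all these examples are active by default):
+# ActiveSupport::Inflector.inflections do |inflect|
+# inflect.plural /^(ox)$/i, '\1en'
+# inflect.singular /^(ox)en/i, '\1'
+# inflect.irregular 'person', 'people'
+# inflect.uncountable %w( fish sheep )
+# end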
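--- a/data/spec/fixtures/app/config/initializers/new_rails_defaults.rb
+++ b/data/spec/fixtures/app/config/initializers/new_rails_defaults.rb
@@ -0,0 +1,19 @@
+# Be sure to restart your server when you modify this file.
+
+# These settings change the behavior of Rails 2 apps and will be defaults
+# for Rails 3. You can remove this initializer when Rails 3 is released.
+
+if defined?(ActiveRecord)
+# Include Active Record class name as root for JSON serialized output.
+ActiveRecord::Base.include_root_in_json = true
+
+# Store the full class name (including module namespace) in STI type column.
+ActiveRecord::Base.store_full_sti_class = true
+end
+
+# Use ISO 8601 format for JSON serialized times and dates.
+ActiveSupport.use_standard_json_time_format = true
+
+# Don't escape HTML entities in JSON, leave that for the #json_escape helper.
+# if you're including raw json in an HTML page.
+ActiveSupport.escape_html_entities_in_json = false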
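--- a/data/spec/fixtures/app/config/initializers/session_store.rb
+++ b/data/spec/fixtures/app/config/initializers/session_store.rb
@@ -0,0 +1,15 @@
+# Be sure to restart your server when you modify this file.
+
+# Your secret key for verifying cookie session data integrity.
+# If you change this key, all old sessions will become invalid!
+# Make sure the secret is at least 30 characters and all random,
+# no regular words or you'll be exposed to dictionary attacks.
+ActionController::Base.session = {
+:key => '_app_session',
+:secret => '63bd6fa6bd2afd47cc484d09f982e4f03d6aa55ad513eb732565cc65e46f0d0693f07235b4f930d42ff6511c46333d2232fc2efcafe1b87df442d36784321d86'
+}
+
+# Use the database for sessions instead of the cookie-based default,
+# which shouldn't be used to store highly confidential information
+# (create the session table with "rake db:sessions:create")
+# ActionController::Base.session_store = :active_record_store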
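Review bot: The `:secret` literal on line 9 ships inside the published gem, so it has to be treated as public. Any application that reuses this fixture's session configuration would sign its cookie sessions with a key that anyone can read, and the integrity check described in the comment above it would no longer protect the session contents. Since this is the spec fixture app, a comment is enough, e.g. `# Fixture-only secret, published with the gem; never reuse outside this test app.` If the fixture is ever used as a template, the key should be generated per installation and loaded from outside the source tree rather than committed.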
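--- a/data/spec/fixtures/app/config/routes.rb
+++ b/data/spec/fixtures/app/config/routes.rb
@@ -0,0 +1,43 @@
+ActionController::Routing::Routes.draw do |map|
+# The priority is based upon order of creation: first created -> highest priority.
+
+# Sample of regular route:
+# map.connect 'products/:id', :controller => 'catalog', :action => 'view'
+# Keep in mind you can assign values other than :controller and :action
+
+# Sample of named route:
+# map.purchase 'products/:id/purchase', :controller => 'catalog', :action => 'purchase'
+# This route can be invoked with purchase_url(:id => product.id)
+
+# Sample resource route (maps HTTP verbs to controller actions automatically):
+# map.resources :products
+
+# Sample resource route with options:
+# map.resources :products, :member => { :short => :get, :toggle => :post }, :collection => { :sold => :get }
+
+# Sample resource route with sub-resources:
+# map.resources :products, :has_many => [ :comments, :sales ], :has_one => :seller
+
+# Sample resource route with more complex sub-resources
+# map.resources :products do |products|
+# products.resources :comments
+# products.resources :sales, :collection => { :recent => :get }
+# end
+
+# Sample resource route within a namespace:
+# map.namespace :admin do |admin|
+# # Directs /admin/products/* to Admin::ProductsController (app/controllers/admin/products_controller.rb)
+# admin.resources :products
+# end
+
+# You can have the root of your site routed with map.root -- just remember to delete public/index.html.
+# map.root :controller => "welcome"
+
+# See how all your routes lay out with "rake routes"
+
+# Install the default routes as the lowest priority.
+# Note: These default routes make all actions in every controller accessible via GET requests. You should
+# consider removing the them or commenting them out if you're using named routes and resources.
+map.connect ':controller/:action/:id'
+map.connect ':controller/:action/:id.:format'
+end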