rend-acl 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- data/.gitignore +17 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +26 -0
- data/README.md +25 -0
- data/Rakefile +9 -0
- data/ZEND_FRAMEWORK_LICENSE.txt +27 -0
- data/lib/rend/acl/exception.rb +6 -0
- data/lib/rend/acl/resource.rb +14 -0
- data/lib/rend/acl/role/registry/exception.rb +10 -0
- data/lib/rend/acl/role/registry.rb +168 -0
- data/lib/rend/acl/role.rb +19 -0
- data/lib/rend/acl/version.rb +7 -0
- data/lib/rend/acl.rb +875 -0
- data/rend-acl.gemspec +34 -0
- data/test/test_acl.rb +209 -0
- metadata +116 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
data/LICENSE.txt
ADDED
@@ -0,0 +1,26 @@
|
|
1
|
+
Copyright (c) 1999 - 2013, Daniel Doezema All rights reserved.
|
2
|
+
|
3
|
+
Redistribution and use in source and binary forms, with or without modification,
|
4
|
+
are permitted provided that the following conditions are met:
|
5
|
+
|
6
|
+
* Redistributions of source code must retain the above copyright notice, this
|
7
|
+
list of conditions and the following disclaimer.
|
8
|
+
|
9
|
+
* Redistributions in binary form must reproduce the above copyright notice,
|
10
|
+
this list of conditions and the following disclaimer in the documentation
|
11
|
+
and/or other materials provided with the distribution.
|
12
|
+
|
13
|
+
* The names of the contributors and/or copyright holder may not be used to
|
14
|
+
endorse or promote products derived from this software without specific
|
15
|
+
prior written permission.
|
16
|
+
|
17
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND
|
18
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
19
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
20
|
+
DISCLAIMED. IN NO EVENT SHALL DANIEL DOEZEMA BE LIABLE FOR ANY DIRECT, INDIRECT,
|
21
|
+
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
22
|
+
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
23
|
+
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
24
|
+
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
|
25
|
+
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
|
26
|
+
ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
data/README.md
ADDED
@@ -0,0 +1,25 @@
|
|
1
|
+
# Rend Acl
|
2
|
+
|
3
|
+
Rend-Acl is a port of [Zend_Acl](http://framework.zend.com/manual/1.12/en/zend.acl.html) with modifications made to bring the api more inline with Ruby conventions.
|
4
|
+
|
5
|
+
## Installation
|
6
|
+
|
7
|
+
gem install rend-acl
|
8
|
+
|
9
|
+
## Contributing
|
10
|
+
|
11
|
+
1. Fork it
|
12
|
+
2. Create your feature branch (`git checkout -b my-new-feature`)
|
13
|
+
3. Commit your changes (`git commit -am 'Add some feature'`)
|
14
|
+
4. Push to the branch (`git push origin my-new-feature`)
|
15
|
+
5. Create new Pull Request
|
16
|
+
|
17
|
+
## Licensing
|
18
|
+
|
19
|
+
* All ported Ruby code and assoicated 'Rend' gems are under a simple [New-BSD License](http://dan.doezema.com/licenses/new-bsd).
|
20
|
+
* Original PHP code is licensed under [Zend's New-BSD License](http://framework.zend.com/license/).
|
21
|
+
* This license can be found in `./ZEND_FRAMEWORK_LICENSE.txt`
|
22
|
+
|
23
|
+
## Acknowledgements
|
24
|
+
* This project is **not** associated with, or endorsed by, Zend Technologies USA, Inc., nor any of its contributors.
|
25
|
+
* Rend's modular design was heavily influced by [RSpec](https://github.com/rspec/rspec) approach.
|
data/Rakefile
ADDED
@@ -0,0 +1,27 @@
|
|
1
|
+
New BSD License
|
2
|
+
Copyright (c) 2005-2013, Zend Technologies USA, Inc. All rights reserved.
|
3
|
+
|
4
|
+
Redistribution and use in source and binary forms, with or without modification,
|
5
|
+
are permitted provided that the following conditions are met:
|
6
|
+
|
7
|
+
* Redistributions of source code must retain the above copyright notice, this
|
8
|
+
list of conditions and the following disclaimer.
|
9
|
+
|
10
|
+
* Redistributions in binary form must reproduce the above copyright notice, this
|
11
|
+
list of conditions and the following disclaimer in the documentation and/or
|
12
|
+
other materials provided with the distribution.
|
13
|
+
|
14
|
+
* Neither the name of Zend Technologies USA, Inc. nor the names of its
|
15
|
+
contributors may be used to endorse or promote products derived from this
|
16
|
+
software without specific prior written permission.
|
17
|
+
|
18
|
+
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
|
19
|
+
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
20
|
+
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
21
|
+
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
|
22
|
+
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
23
|
+
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
24
|
+
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
|
25
|
+
ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
26
|
+
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
27
|
+
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
@@ -0,0 +1,168 @@
|
|
1
|
+
require 'rend/acl/role/registry/exception'
|
2
|
+
module Rend
|
3
|
+
class Acl
|
4
|
+
class Role
|
5
|
+
class Registry
|
6
|
+
include Rend::Core::Helpers::Php
|
7
|
+
|
8
|
+
# Internal Role registry data storage
|
9
|
+
# @var hash
|
10
|
+
attr_accessor :roles
|
11
|
+
|
12
|
+
def initialize
|
13
|
+
self.roles = {}
|
14
|
+
end
|
15
|
+
|
16
|
+
# Adds a Role having an identifier unique to the registry
|
17
|
+
#
|
18
|
+
# The parents parameter may be a reference to, or the string identifier for,
|
19
|
+
# a Role existing in the registry, or parents may be passed as an array of
|
20
|
+
# these - mixing string identifiers and objects is ok - to indicate the Roles
|
21
|
+
# from which the newly added Role will directly inherit.
|
22
|
+
#
|
23
|
+
# In order to resolve potential ambiguities with conflicting rules inherited
|
24
|
+
# from different parents, the most recently added parent takes precedence over
|
25
|
+
# parents that were previously added. In other words, the first parent added
|
26
|
+
# will have the least priority, and the last parent added will have the
|
27
|
+
# highest priority.
|
28
|
+
#
|
29
|
+
# @param Rend::Acl::Role role
|
30
|
+
# @param Rend::Acl::Role|string|array parents
|
31
|
+
# @throws Rend::Acl::Role::Registry::Exception
|
32
|
+
# @return Rend::Acl::Role::Registry Provides a fluent interface
|
33
|
+
def add!(role, parents = nil)
|
34
|
+
type_hint! Rend::Acl::Role, role, :is_required => true
|
35
|
+
|
36
|
+
role_id = role.id
|
37
|
+
raise Exception, "Role id 'role_id' already exists in the registry" if has?(role_id)
|
38
|
+
|
39
|
+
role_parents = {}
|
40
|
+
|
41
|
+
if parents
|
42
|
+
Array(parents).each do |parent|
|
43
|
+
begin
|
44
|
+
role_parent_id = (parent.class <= Rend::Acl::Role) ? parent.id : parent
|
45
|
+
role_parent = get!(role_parent_id)
|
46
|
+
rescue Exception
|
47
|
+
raise Exception, "Parent Role id 'role_parent_id' does not exist"
|
48
|
+
end
|
49
|
+
role_parents[role_parent_id] = role_parent
|
50
|
+
roles[role_parent_id][:children][role_id] = role
|
51
|
+
# roles[role_parent_id][:instance].children[role_id] = role # future
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
# role.parents = role_parents -- future
|
56
|
+
|
57
|
+
roles[role_id] = {
|
58
|
+
:instance => role,
|
59
|
+
:parents => role_parents,
|
60
|
+
:children => {}
|
61
|
+
}
|
62
|
+
|
63
|
+
self
|
64
|
+
end
|
65
|
+
|
66
|
+
|
67
|
+
# Returns the identified Role
|
68
|
+
#
|
69
|
+
# The role parameter can either be a Role or a Role identifier.
|
70
|
+
#
|
71
|
+
# @param Rend::Acl::Role|string role
|
72
|
+
# @throws Rend::Acl::Role::Registry::Exception
|
73
|
+
# @return Rend::Acl::Role
|
74
|
+
def get!(role)
|
75
|
+
raise Exception, "Role 'role_id' not found" unless has?(role)
|
76
|
+
role_id = (role.class <= Rend::Acl::Role) ? role.id : role.to_s
|
77
|
+
roles[role_id][:instance]
|
78
|
+
end
|
79
|
+
|
80
|
+
|
81
|
+
# Returns true if and only if the Role exists in the registry
|
82
|
+
#
|
83
|
+
# The role parameter can either be a Role or a Role identifier.
|
84
|
+
#
|
85
|
+
# @param Rend::Acl::Role|string role
|
86
|
+
# @return boolean
|
87
|
+
def has?(role)
|
88
|
+
role_id = (role.class <= Rend::Acl::Role) ? role.id : role.to_s
|
89
|
+
roles.has_key?(role_id)
|
90
|
+
end
|
91
|
+
|
92
|
+
|
93
|
+
# Returns an array of an existing Role's parents
|
94
|
+
#
|
95
|
+
# The array keys are the identifiers of the parent Roles, and the values are
|
96
|
+
# the parent Role instances. The parent Roles are ordered in this array by
|
97
|
+
# ascending priority. The highest priority parent Role, last in the array,
|
98
|
+
# corresponds with the parent Role most recently added.
|
99
|
+
#
|
100
|
+
# If the Role does not have any parents, then an empty array is returned.
|
101
|
+
#
|
102
|
+
# @param Rend::Acl::Role|string role
|
103
|
+
# @uses Rend::Acl::Role::Registry::get!
|
104
|
+
# @return array
|
105
|
+
def parents(role)
|
106
|
+
roles[get!(role).id][:parents]
|
107
|
+
end
|
108
|
+
|
109
|
+
|
110
|
+
# Returns true if and only if role inherits from inherit
|
111
|
+
#
|
112
|
+
# Both parameters may be either a Role or a Role identifier. If
|
113
|
+
# only_parents is true, then role must inherit directly from
|
114
|
+
# inherit in order to return true. By default, this method looks
|
115
|
+
# through the entire inheritance DAG to determine whether role
|
116
|
+
# inherits from inherit through its ancestor Roles.
|
117
|
+
#
|
118
|
+
# @param Rend::Acl::Role|string role
|
119
|
+
# @param Rend::Acl::Role|string inherit
|
120
|
+
# @param boolean only_parents
|
121
|
+
# @throws Rend::Acl::Role::Registry::Exception
|
122
|
+
# @return boolean
|
123
|
+
def inherits?(role, inherit, only_parents = false)
|
124
|
+
role_id = get!(role).id
|
125
|
+
inherit_id = get!(inherit).id
|
126
|
+
inherits = roles[role_id][:parents].has_key?(inherit_id)
|
127
|
+
|
128
|
+
return inherits if inherits || only_parents
|
129
|
+
|
130
|
+
roles[role_id][:parents].each do |parent_id, parent|
|
131
|
+
return true if inherits?(parent_id, inherit_id)
|
132
|
+
end
|
133
|
+
false
|
134
|
+
end
|
135
|
+
|
136
|
+
|
137
|
+
# Removes the Role from the registry
|
138
|
+
#
|
139
|
+
# The role parameter can either be a Role or a Role identifier.
|
140
|
+
#
|
141
|
+
# @param Rend::Acl::Role|string role
|
142
|
+
# @throws Rend::Acl::Role::Registry::Exception
|
143
|
+
# @return Rend::Acl::Role::Registry Provides a fluent interface
|
144
|
+
def remove!(role)
|
145
|
+
role_id = get!(role).id
|
146
|
+
|
147
|
+
roles[role_id][:children].each do |child_id, child|
|
148
|
+
roles[child_id][:parents].delete(role_id)
|
149
|
+
end
|
150
|
+
|
151
|
+
roles[role_id][:parents].each do |parent_id, parent|
|
152
|
+
roles[parent_id][:children][role_id]
|
153
|
+
end
|
154
|
+
|
155
|
+
roles.delete(role_id)
|
156
|
+
|
157
|
+
self
|
158
|
+
end
|
159
|
+
|
160
|
+
def remove_all!
|
161
|
+
roles.replace({})
|
162
|
+
self
|
163
|
+
end
|
164
|
+
|
165
|
+
end
|
166
|
+
end
|
167
|
+
end
|
168
|
+
end
|
@@ -0,0 +1,19 @@
|
|
1
|
+
require 'rend/acl/role/registry'
|
2
|
+
module Rend
|
3
|
+
class Acl
|
4
|
+
class Role
|
5
|
+
|
6
|
+
# Unique id of Role
|
7
|
+
attr_reader :id # @var string
|
8
|
+
# attr_accessor :parents -- future
|
9
|
+
# attr_accessor :children -- future
|
10
|
+
|
11
|
+
def initialize(id)
|
12
|
+
@id = id.to_s
|
13
|
+
# @parents = {} -- future
|
14
|
+
# @children = {} -- future
|
15
|
+
end
|
16
|
+
|
17
|
+
end
|
18
|
+
end
|
19
|
+
end
|