RubyGems - role_authorization - Versions diffs - 0.1.6 → 0.2.0 - Mend

role_authorization 0.1.6 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/Gemfile.lock +1 -1
data/lib/rails/role_authorization.rb +9 -1
data/lib/role_authorization/active_record.rb +7 -0
data/lib/role_authorization/{allow_group.rb → controller/allow_group.rb} +0 -0
data/lib/role_authorization/controller/mapper.rb +44 -0
data/lib/role_authorization/{ruleset.rb → controller/ruleset.rb} +3 -5
data/lib/role_authorization/controller.rb +117 -0
data/lib/role_authorization/roles/manager.rb +84 -0
data/lib/role_authorization/roles/role.rb +66 -0
data/lib/role_authorization/roles/role_group.rb +16 -0
data/lib/role_authorization/roles.rb +14 -0
data/lib/role_authorization/rules/defaults.rb +25 -0
data/lib/role_authorization/rules/rule.rb +33 -0
data/lib/role_authorization/rules.rb +12 -0
data/lib/role_authorization/user.rb +121 -0
data/lib/role_authorization/version.rb +1 -1
data/lib/role_authorization/view_security.rb +114 -0
data/lib/role_authorization.rb +61 -1
metadata +16 -17
data/lib/role_authorization/base.rb +0 -116
data/lib/role_authorization/exts/controller.rb +0 -126
data/lib/role_authorization/exts/model.rb +0 -126
data/lib/role_authorization/exts/session.rb +0 -52
data/lib/role_authorization/exts/user.rb +0 -58
data/lib/role_authorization/exts/view.rb +0 -77
data/lib/role_authorization/mapper.rb +0 -76
data/lib/role_authorization/rules/access.rb +0 -88
data/lib/role_authorization/rules/basic.rb +0 -22
data/lib/role_authorization/rules/custom.rb +0 -32
data/lib/role_authorization/rules/object_role.rb +0 -51
data/lib/role_authorization/rules/resource.rb +0 -106
data/lib/role_authorization/rules/user.rb +0 -70

data/lib/role_authorization/view_security.rb ADDED Viewed

@@ -0,0 +1,114 @@
+module RoleAuthorization
+  module ViewSecurity
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.class_eval do
+        alias_method :link_to_open, :link_to
+        alias_method :link_to, :link_to_secured
+        alias_method :button_to_open, :button_to
+        alias_method :button_to, :button_to_secured
+        alias_method :form_for_open, :form_for
+        alias_method :form_for, :form_for_secured
+      end
+    end
+    module InstanceMethods
+      def form_for_secured(record_or_name_or_array, *args, &proc)
+        options = args.last.is_a?(Hash) ? args.last : {}
+        url = url_for(options[:url] || record_or_name_or_array)
+        method = (options[:html] && options[:html].has_key?(:method)) ? options[:html][:method] : :post
+        if authorized?(url, method)
+          return form_for_open(record_or_name_or_array, *args, &proc)
+        else
+          return ""
+        end
+      end
+      def link_to_secured(name, options = {}, html_options = nil)
+        url = url_for(options)
+        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :get
+        if authorized?(url, method)
+          return link_to_open(name, url, html_options)
+        else
+          return ""
+        end
+      end
+      def button_to_secured(name, options = {}, html_options = nil)
+        url = url_for(options)
+        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :post
+        if authorized?(url, method)
+          return button_to_open(name, url, html_options)
+        else
+          return ""
+        end
+      end
+      def link_to_or_show(name, options = {}, html_options = nil)
+        lnk = link_to(name, options, html_options)
+        lnk.length == 0 ? name : lnk
+      end
+    end # InstanceMethods
+    module ClassMethods
+      def load_controller_classes
+        @controller_classes = {}
+        maybe_load_framework_controller_parent
+        Dir.chdir("#{Rails.root}/app/controllers") do
+          Dir["**/*.rb"].sort.each do |c|
+            next if c.include?("application")
+            rola_load(c)
+          end
+        end
+      end
+      def maybe_load_framework_controller_parent
+        if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
+          filename = "application_controller.rb"
+        else
+          filename = "application.rb"
+        end
+        require_or_load(filename)
+      end
+      def rola_load(filename)
+        klass = class_name_from_file(filename)
+        require_or_load(filename)
+        @controller_classes[klass] = qualified_const_get(klass)
+      end
+      def require_or_load(filename)
+        if ActiveSupport.const_defined?("Dependencies")
+          ActiveSupport::Dependencies.require_or_load(filename)
+        else
+          Dependencies.require_or_load(filename)
+        end
+      end
+      def class_name_from_file(str)
+        str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
+      end
+      def qualified_const_get(klass)
+        if klass =~ /::/
+          namespace, klass = klass.split("::")
+          eval(namespace).const_get(klass)
+        else
+          const_get(klass)
+        end
+      end
+    end
+    extend ClassMethods
+  end
+end

data/lib/role_authorization.rb CHANGED Viewed

@@ -1,3 +1,63 @@
-require 'role_authorization/base'
+# controller
+require 'role_authorization/controller/mapper'
+require 'role_authorization/controller/ruleset'
+require 'role_authorization/controller/allow_group'
+require 'role_authorization/controller'
+# roles
+require 'role_authorization/roles/manager'
+require 'role_authorization/roles/role'
+require 'role_authorization/roles/role_group'
+require 'role_authorization/roles'
+# active record
+require 'role_authorization/active_record'
+# rules
+require 'role_authorization/rules'
+require 'role_authorization/rules/rule'
+require 'role_authorization/rules/defaults'
+# exts
+require 'role_authorization/user'
 require 'rails/role_authorization' if defined?(Rails)
+module RoleAuthorization
+  module ClassMethods
+    def load_rules
+      # load default rules
+      Dir.chdir(File.dirname(__FILE__)) do
+        Dir["rules/*.rb"].each do |rule_definition|
+          require "#{File.dirname(__FILE__)}/#{rule_definition}"
+        end
+      end
+      # load application rules
+      Dir.chdir(Rails.root) do
+        Dir["lib/rules/*.rb"].each do |rule_definition|
+          require "#{Rails.root}/#{rule_definition}"
+        end
+      end
+      # load allow groups
+      Dir.chdir(Rails.root) do
+        Dir["lib/allow_groups/*.rb"].each do |allow_group|
+          require "#{Rails.root}/#{allow_group}"
+        end
+      end
+    end
+    def enable_view_security
+      if RoleAuthorization.view_security
+        require 'role_authorization/view_security'
+        unless ActionView::Base.instance_methods.include? :link_to_or_show
+          ActionView::Base.class_eval { include RoleAuthorization::ViewSecurity }
+        end
+      end
+    end
+  end
+  extend ClassMethods
+end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: role_authorization
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.1.6
+  version: 0.2.0
 platform: ruby
 authors:
 - John 'asceth' Long
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-03 00:00:00 -05:00
+date: 2011-03-08 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -56,22 +56,21 @@ files:
 - Rakefile
 - lib/rails/role_authorization.rb
 - lib/role_authorization.rb
-- lib/role_authorization/allow_group.rb
-- lib/role_authorization/base.rb
-- lib/role_authorization/exts/controller.rb
-- lib/role_authorization/exts/model.rb
-- lib/role_authorization/exts/session.rb
-- lib/role_authorization/exts/user.rb
-- lib/role_authorization/exts/view.rb
-- lib/role_authorization/mapper.rb
-- lib/role_authorization/rules/access.rb
-- lib/role_authorization/rules/basic.rb
-- lib/role_authorization/rules/custom.rb
-- lib/role_authorization/rules/object_role.rb
-- lib/role_authorization/rules/resource.rb
-- lib/role_authorization/rules/user.rb
-- lib/role_authorization/ruleset.rb
+- lib/role_authorization/active_record.rb
+- lib/role_authorization/controller.rb
+- lib/role_authorization/controller/allow_group.rb
+- lib/role_authorization/controller/mapper.rb
+- lib/role_authorization/controller/ruleset.rb
+- lib/role_authorization/roles.rb
+- lib/role_authorization/roles/manager.rb
+- lib/role_authorization/roles/role.rb
+- lib/role_authorization/roles/role_group.rb
+- lib/role_authorization/rules.rb
+- lib/role_authorization/rules/defaults.rb
+- lib/role_authorization/rules/rule.rb
+- lib/role_authorization/user.rb
 - lib/role_authorization/version.rb
+- lib/role_authorization/view_security.rb
 - migrations/01_user_roles.rb
 - role_authorization.gemspec
 has_rdoc: true

data/lib/role_authorization/base.rb DELETED Viewed

@@ -1,116 +0,0 @@
-module RoleAuthorization
-  class << self
-    # shortcut for <tt>enable_actionpack; enable_activerecord</tt>
-    def enable
-      # load rule mapper
-      load 'role_authorization/mapper.rb'
-      load 'role_authorization/ruleset.rb'
-      load 'role_authorization/allow_group.rb'
-      load 'role_authorization/rules/basic.rb'
-      # load default rules
-      Dir.chdir(File.dirname(__FILE__)) do
-        Dir["rules/*.rb"].each do |rule_definition|
-          require "#{File.dirname(__FILE__)}/#{rule_definition}"
-        end
-      end
-      # load application rules
-      Dir.chdir(Rails.root) do
-        Dir["lib/rules/*.rb"].each do |rule_definition|
-          require "#{Rails.root}/#{rule_definition}"
-        end
-      end
-      # load allow groups
-      Dir.chdir(Rails.root) do
-        Dir["lib/allow_groups/*.rb"].each do |allow_group|
-          require "#{Rails.root}/#{allow_group}"
-        end
-      end
-      enable_actionpack
-      enable_activerecord
-    end
-    def enable_actionpack
-      load 'role_authorization/exts/view.rb'
-      unless ActionView::Base.instance_methods.include? :link_to_or_show
-        ActionView::Base.class_eval { include Exts::View }
-      end
-      load 'role_authorization/exts/session.rb'
-      load 'role_authorization/exts/controller.rb'
-      unless ActionController::Base.instance_methods.include? :authorized?
-        ActionController::Base.class_eval { include Exts::Session }
-        ActionController::Base.class_eval { include Exts::Controller }
-      end
-    end
-    def enable_activerecord
-      load 'role_authorization/exts/model.rb'
-      unless ActiveRecord::Base.instance_methods.include? :roleable
-        ActiveRecord::Base.class_eval { include Exts::Model }
-      end
-      load 'role_authorization/exts/user.rb'
-    end
-    def load_controller_classes
-      @controller_classes = {}
-      maybe_load_framework_controller_parent
-      Dir.chdir("#{Rails.root}/app/controllers") do
-        Dir["**/*.rb"].sort.each do |c|
-          next if c.include?("application")
-          rola_load(c)
-        end
-      end
-#       if ENV['RAILS_ENV'] != 'production'
-#         if ActiveSupport.const_defined?("Dependencies")
-#           ActiveSupport::Dependencies.clear
-#         else
-#           Dependencies.clear
-#         end
-#       end
-    end
-    def maybe_load_framework_controller_parent
-      if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
-        filename = "application_controller.rb"
-      else
-        filename = "application.rb"
-      end
-      require_or_load(filename)
-    end
-    def rola_load(filename)
-      klass = class_name_from_file(filename)
-      require_or_load(filename)
-      @controller_classes[klass] = qualified_const_get(klass)
-    end
-    def require_or_load(filename)
-      if ActiveSupport.const_defined?("Dependencies")
-        ActiveSupport::Dependencies.require_or_load(filename)
-      else
-        Dependencies.require_or_load(filename)
-      end
-    end
-    def class_name_from_file(str)
-      str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
-    end
-    def qualified_const_get(klass)
-      if klass =~ /::/
-        namespace, klass = klass.split("::")
-        eval(namespace).const_get(klass)
-      else
-        const_get(klass)
-      end
-    end
-  end
-end

data/lib/role_authorization/exts/controller.rb DELETED Viewed

@@ -1,126 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Controller
-      def self.included(base)
-        base.class_eval do
-          helper_method :authorized?
-          helper_method :accessible?
-        end
-        base.send :extend, RoleAuthorization::Ruleset::ClassMethods
-        base.send :cattr_ruleset, :ruleset, :allowable_groups
-        base.send :extend, ClassMethods
-        base.send :include, InstanceMethods
-      end
-      module ClassMethods
-        def allow_group(*args)
-          add_to_allowable_groups(self.controller_rule_name, args)
-          add_role_authorization_filter
-        end
-        def allow(&block)
-          add_to_ruleset(self.controller_rule_name, &block)
-          add_role_authorization_filter
-        end
-        def add_role_authorization_filter
-          callbacks = _process_action_callbacks
-          chain = callbacks.select {|cl| cl.klass.to_s.include?(name)}.collect(&:filter).select {|c| c.is_a?(Symbol)}
-          before_filter :check_request_authorization unless chain.include?(:check_request_authorization)
-        end
-        def controller_rule_name
-          @controller_rule_name ||= name.gsub('Controller', '').underscore.downcase
-        end
-        def controller_model
-          @controller_model ||= name.gsub('Controller', '').singularize
-        end
-      end # ClassMethods
-      module InstanceMethods
-        def check_request_authorization
-          unless authorized_action?(self, self.class.controller_rule_name, action_name.to_sym, params[:id])
-            raise SecurityError, "You do not have the required clearance to access this resource."
-          end
-        end
-        def authorized_action?(controller_klass, controller, action, id = nil)
-          # by default admins see everything
-          return true if current_user_is_admin?
-          ruleset = self.class.ruleset[controller]
-          groups = RoleAuthorization::AllowGroup.get(self.class.allowable_groups[controller])
-          if defined?(DEBUG_AUTHORIZATION_RULES) == 'constant'
-            Rails.logger.info "#" * 60
-            Rails.logger.info ruleset.to_s
-            Rails.logger.info "#" * 60
-          end
-          # we have no ruleset for this controller or any allow groups so deny
-          return false if ruleset.nil? && groups.empty?
-          # first check controller ruleset
-          unless ruleset.nil?
-            return true if ruleset.authorized?(controller_klass, controller, :all, id)
-            return true if ruleset.authorized?(controller_klass, controller, action, id)
-          end
-          # next check any allow groups
-          unless groups.empty?
-            groups.each do |group|
-              return true if group.authorized?(controller_klass, controller, :all, id)
-              return true if group.authorized?(controller_klass, controller, action, id)
-            end
-          end
-          # finally deny if they haven't passed any rules
-          return false
-        end
-        def accessible?(access_role)
-          return true if current_user_is_admin?
-          return false if access_role.nil?
-          return true if access_role.name.to_sym == :public
-          return false if session[:access_rights].nil?
-          session[:access_rights].include?(access_role.name.to_sym)
-        end
-        def authorized?(url, method = nil)
-          return false unless url
-          return true if current_user_is_admin?
-          method ||= (params[:method] || request.method)
-          url_parts = URI::split(url.strip)
-          path = url_parts[5]
-          begin
-            hash = Rails.application.routes.recognize_path(path, :method => method)
-            return authorized_action?(self, hash[:controller], hash[:action].to_sym, hash[:id]) if hash
-          rescue Exception => e
-            Rails.logger.error e.inspect
-            e.backtrace.each {|line| Rails.logger.error line }
-            # continue on
-          end
-          # Mailto link
-          return true if url =~ /^mailto:/
-          # Public file
-          file = File.join(Rails.root, 'public', url)
-          return true if File.exists?(file)
-          # Passing in different domain
-          return remote_url?(url_parts[2])
-        end
-        def remote_url?(domain = nil)
-          return false if domain.nil? || domain.strip.length == 0
-          request.host.downcase != domain.downcase
-        end
-      end # InstanceMethods
-    end
-  end
-end

data/lib/role_authorization/exts/model.rb DELETED Viewed

@@ -1,126 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Model
-      def self.included(base)
-        base.send :extend, ClassMethods
-        base.send :include, InstanceMethods
-      end
-      module ClassMethods
-        def roleable_options
-          @roleable_options
-        end
-        def roleable_options=(options)
-          @roleable_options = options
-        end
-        def roleable options = {}
-          has_many :roles, :as => :roleable, :dependent => :delete_all
-          after_create :create_roles
-          send(:extend, SpecificClassMethods)
-          options[:name] ||= :class
-          options[:priority] ||= {}
-          options[:creation_priority] ||= {}
-          options[:roles] ||= [:default]
-          options[:roles].each do |role_name|
-            options[:priority][role_name] ||= 1
-            options[:creation_priority][role_name] ||= 1
-          end
-          options[:cache] = {}
-          @roleable_options = options
-        end # roleable
-        def enrolled(role_name)
-          roles = Role.all(:conditions => {:roleable_type => self.to_s, :name => role_name.to_s})
-          unless roles.empty?
-            roles.collect(&:users).flatten
-          else
-            []
-          end
-        end
-      end # ClassMethods
-      module SpecificClassMethods
-        def reset_roles
-          all.map(&:reset_roles)
-        end
-      end
-      module InstanceMethods
-        def reset_roles
-          options = self.class.roleable_options
-          mroles = roles.all
-          rejected_roles = mroles.reject {|r| options[:roles].include?(r.name.to_sym)}
-          rejected_roles.map {|rejected_role| rejected_role.destroy}
-          valid_roles = mroles - rejected_roles
-          valid_role_names = valid_roles.collect(&:name)
-          new_roles = options[:roles].select {|role| !valid_role_names.include?(role.to_sym)}
-          valid_roles.each do |role|
-            if roles.find_by_name(role.name.to_s).nil?
-              roles.create(:name => role.name.to_s,
-                           :display_name => "#{self.send(options[:name])} #{role.name.to_s}",
-                           :creation_priority => options[:creation_priority][role.name.to_s],
-                           :priority => options[:priority][role.name.to_s])
-            end
-          end
-          new_roles.each do |role|
-            roles.create(:name => role.to_s,
-                         :display_name => "#{self.send(options[:name])} #{role.to_s}",
-                         :creation_priority => options[:creation_priority][role],
-                         :priority => options[:priority][role])
-          end
-          roles(true).all
-        end
-        def enroll(user, role)
-          options = self.class.roleable_options
-          role = role.is_a?(Integer) ? roles.find_by_id(role) : roles.find_by_name(role.to_s)
-          user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-          unless role.nil?
-            role.user_roles.create(:user_id => user_id)
-          end
-        end
-        alias_method :assign, :enroll
-        def enrolled(role)
-          role = roles.find_by_name(role.to_s)
-          unless role.nil?
-            role.users
-          else
-            []
-          end
-        end
-        def withdraw(user, role = nil)
-          options = self.class.roleable_options
-          role = role.is_a?(Integer) ? roles.find_by_id(role, :include => :user_roles) : roles.find_by_name(role.to_s, :include => :user_roles)
-          user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-          unless role.nil?
-            role.user_roles.first(:conditions => {:user_id => user_id}).try(:destroy)
-          else
-            UserRole.all(:conditions => {:user_id => user_id, :role_id => role_ids}).map(&:destroy)
-          end
-        end
-        private
-        def create_roles
-          options = self.class.roleable_options
-          options[:roles].each do |role|
-            roles.create(:name => role.to_s,
-                         :display_name => "#{self.send(options[:name])} #{role.to_s}",
-                         :creation_priority => options[:creation_priority][role],
-                         :priority => options[:priority][role])
-          end
-        end # create_user_roles
-      end # InstanceMethods
-    end
-  end
-end

data/lib/role_authorization/exts/session.rb DELETED Viewed

@@ -1,52 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Session
-      def self.included(base)
-        base.send :include, InstanceMethods
-        base.class_eval do
-          helper_method :current_user_is_admin?
-          helper_method :admin?
-          helper_method :access_in_role?
-        end
-      end
-      module InstanceMethods
-        protected
-        def add_role_authorization_session_values(user = nil)
-          user ||= current_user
-          if user
-            roles = user.roles.where({:roleable_id => nil}).all
-            session[:access_rights] = roles.collect {|role| role.name.to_sym}
-          end
-        end
-        def current_user_is_admin?
-          !session[:access_rights].nil? && session[:access_rights].include?(:all)
-        end
-        def admin?
-          current_user_is_admin?
-        end
-        def access_in_role?(role)
-          return true if current_user_is_admin?
-          return true if session_access_rights_include?(role)
-          false
-        end
-        def session_access_rights_include?(role)
-          return false unless session[:access_rights]
-          session[:access_rights].include?(role)
-        end
-        def reset_role_authorization_session
-          [:access_rights].each do |val|
-            session[val] = nil if session[val]
-          end
-        end
-      end
-    end
-  end
-end