RubyGems - role_authorization - Versions diffs - 0.1.6 → 0.2.0 - Mend

role_authorization 0.1.6 → 0.2.0

Files changed (32) hide show

data/Gemfile.lock +1 -1
data/lib/rails/role_authorization.rb +9 -1
data/lib/role_authorization/active_record.rb +7 -0
data/lib/role_authorization/{allow_group.rb → controller/allow_group.rb} +0 -0
data/lib/role_authorization/controller/mapper.rb +44 -0
data/lib/role_authorization/{ruleset.rb → controller/ruleset.rb} +3 -5
data/lib/role_authorization/controller.rb +117 -0
data/lib/role_authorization/roles/manager.rb +84 -0
data/lib/role_authorization/roles/role.rb +66 -0
data/lib/role_authorization/roles/role_group.rb +16 -0
data/lib/role_authorization/roles.rb +14 -0
data/lib/role_authorization/rules/defaults.rb +25 -0
data/lib/role_authorization/rules/rule.rb +33 -0
data/lib/role_authorization/rules.rb +12 -0
data/lib/role_authorization/user.rb +121 -0
data/lib/role_authorization/version.rb +1 -1
data/lib/role_authorization/view_security.rb +114 -0
data/lib/role_authorization.rb +61 -1
metadata +16 -17
data/lib/role_authorization/base.rb +0 -116
data/lib/role_authorization/exts/controller.rb +0 -126
data/lib/role_authorization/exts/model.rb +0 -126
data/lib/role_authorization/exts/session.rb +0 -52
data/lib/role_authorization/exts/user.rb +0 -58
data/lib/role_authorization/exts/view.rb +0 -77
data/lib/role_authorization/mapper.rb +0 -76
data/lib/role_authorization/rules/access.rb +0 -88
data/lib/role_authorization/rules/basic.rb +0 -22
data/lib/role_authorization/rules/custom.rb +0 -32
data/lib/role_authorization/rules/object_role.rb +0 -51
data/lib/role_authorization/rules/resource.rb +0 -106
data/lib/role_authorization/rules/user.rb +0 -70

data/lib/role_authorization/view_security.rb ADDED Viewed

@@ -0,0 +1,114 @@
+module RoleAuthorization
+  module ViewSecurity
+    def self.included(base)
+      base.send(:include, InstanceMethods)
+      base.class_eval do
+        alias_method :link_to_open, :link_to
+        alias_method :link_to, :link_to_secured
+        alias_method :button_to_open, :button_to
+        alias_method :button_to, :button_to_secured
+        alias_method :form_for_open, :form_for
+        alias_method :form_for, :form_for_secured
+      end
+    end
+    module InstanceMethods
+      def form_for_secured(record_or_name_or_array, *args, &proc)
+        options = args.last.is_a?(Hash) ? args.last : {}
+        url = url_for(options[:url] || record_or_name_or_array)
+        method = (options[:html] && options[:html].has_key?(:method)) ? options[:html][:method] : :post
+        if authorized?(url, method)
+          return form_for_open(record_or_name_or_array, *args, &proc)
+        else
+          return ""
+        end
+      end
+      def link_to_secured(name, options = {}, html_options = nil)
+        url = url_for(options)
+        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :get
+        if authorized?(url, method)
+          return link_to_open(name, url, html_options)
+        else
+          return ""
+        end
+      end
+      def button_to_secured(name, options = {}, html_options = nil)
+        url = url_for(options)
+        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :post
+        if authorized?(url, method)
+          return button_to_open(name, url, html_options)
+        else
+          return ""
+        end
+      end
+      def link_to_or_show(name, options = {}, html_options = nil)
+        lnk = link_to(name, options, html_options)
+        lnk.length == 0 ? name : lnk
+      end
+    end # InstanceMethods
+    module ClassMethods
+      def load_controller_classes
+        @controller_classes = {}
+        maybe_load_framework_controller_parent
+        Dir.chdir("#{Rails.root}/app/controllers") do
+          Dir["**/*.rb"].sort.each do |c|
+            next if c.include?("application")
+            rola_load(c)
+          end
+        end
+      end
+      def maybe_load_framework_controller_parent
+        if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
+          filename = "application_controller.rb"
+        else
+          filename = "application.rb"
+        end
+        require_or_load(filename)
+      end
+      def rola_load(filename)
+        klass = class_name_from_file(filename)
+        require_or_load(filename)
+        @controller_classes[klass] = qualified_const_get(klass)
+      end
+      def require_or_load(filename)
+        if ActiveSupport.const_defined?("Dependencies")
+          ActiveSupport::Dependencies.require_or_load(filename)
+        else
+          Dependencies.require_or_load(filename)
+        end
+      end
+      def class_name_from_file(str)
+        str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
+      end
+      def qualified_const_get(klass)
+        if klass =~ /::/
+          namespace, klass = klass.split("::")
+          eval(namespace).const_get(klass)
+        else
+          const_get(klass)
+        end
+      end
+    end
+    extend ClassMethods
+  end
+end

data/lib/role_authorization.rb CHANGED Viewed

@@ -1,3 +1,63 @@
-require 'role_authorization/base'
+# controller
+require 'role_authorization/controller/mapper'
+require 'role_authorization/controller/ruleset'
+require 'role_authorization/controller/allow_group'
+require 'role_authorization/controller'
+# roles
+require 'role_authorization/roles/manager'
+require 'role_authorization/roles/role'
+require 'role_authorization/roles/role_group'
+require 'role_authorization/roles'
+# active record
+require 'role_authorization/active_record'
+# rules
+require 'role_authorization/rules'
+require 'role_authorization/rules/rule'
+require 'role_authorization/rules/defaults'
+# exts
+require 'role_authorization/user'
 require 'rails/role_authorization' if defined?(Rails)
+module RoleAuthorization
+  module ClassMethods
+    def load_rules
+      # load default rules
+      Dir.chdir(File.dirname(__FILE__)) do
+        Dir["rules/*.rb"].each do |rule_definition|
+          require "#{File.dirname(__FILE__)}/#{rule_definition}"
+        end
+      end
+      # load application rules
+      Dir.chdir(Rails.root) do
+        Dir["lib/rules/*.rb"].each do |rule_definition|
+          require "#{Rails.root}/#{rule_definition}"
+        end
+      end
+      # load allow groups
+      Dir.chdir(Rails.root) do
+        Dir["lib/allow_groups/*.rb"].each do |allow_group|
+          require "#{Rails.root}/#{allow_group}"
+        end
+      end
+    end
+    def enable_view_security
+      if RoleAuthorization.view_security
+        require 'role_authorization/view_security'
+        unless ActionView::Base.instance_methods.include? :link_to_or_show
+          ActionView::Base.class_eval { include RoleAuthorization::ViewSecurity }
+        end
+      end
+    end
+  end
+  extend ClassMethods
+end

metadata CHANGED Viewed

@@ -2,7 +2,7 @@
 name: role_authorization
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.1.6
+  version: 0.2.0
 platform: ruby
 authors:
 - John 'asceth' Long
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-03-03 00:00:00 -05:00
+date: 2011-03-08 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -56,22 +56,21 @@ files:
 - Rakefile
 - lib/rails/role_authorization.rb
 - lib/role_authorization.rb
-- lib/role_authorization/allow_group.rb
-- lib/role_authorization/base.rb
-- lib/role_authorization/exts/controller.rb
-- lib/role_authorization/exts/model.rb
-- lib/role_authorization/exts/session.rb
-- lib/role_authorization/exts/user.rb
-- lib/role_authorization/exts/view.rb
-- lib/role_authorization/mapper.rb
-- lib/role_authorization/rules/access.rb
-- lib/role_authorization/rules/basic.rb
-- lib/role_authorization/rules/custom.rb
-- lib/role_authorization/rules/object_role.rb
-- lib/role_authorization/rules/resource.rb
-- lib/role_authorization/rules/user.rb
-- lib/role_authorization/ruleset.rb
+- lib/role_authorization/active_record.rb
+- lib/role_authorization/controller.rb
+- lib/role_authorization/controller/allow_group.rb
+- lib/role_authorization/controller/mapper.rb
+- lib/role_authorization/controller/ruleset.rb
+- lib/role_authorization/roles.rb
+- lib/role_authorization/roles/manager.rb
+- lib/role_authorization/roles/role.rb
+- lib/role_authorization/roles/role_group.rb
+- lib/role_authorization/rules.rb
+- lib/role_authorization/rules/defaults.rb
+- lib/role_authorization/rules/rule.rb
+- lib/role_authorization/user.rb
 - lib/role_authorization/version.rb
+- lib/role_authorization/view_security.rb
 - migrations/01_user_roles.rb
 - role_authorization.gemspec
 has_rdoc: true

data/lib/role_authorization/base.rb DELETED Viewed

@@ -1,116 +0,0 @@
-module RoleAuthorization
-  class << self
-    # shortcut for <tt>enable_actionpack; enable_activerecord</tt>
-    def enable
-      # load rule mapper
-      load 'role_authorization/mapper.rb'
-      load 'role_authorization/ruleset.rb'
-      load 'role_authorization/allow_group.rb'
-      load 'role_authorization/rules/basic.rb'
-      # load default rules
-      Dir.chdir(File.dirname(__FILE__)) do
-        Dir["rules/*.rb"].each do |rule_definition|
-          require "#{File.dirname(__FILE__)}/#{rule_definition}"
-        end
-      end
-      # load application rules
-      Dir.chdir(Rails.root) do
-        Dir["lib/rules/*.rb"].each do |rule_definition|
-          require "#{Rails.root}/#{rule_definition}"
-        end
-      end
-      # load allow groups
-      Dir.chdir(Rails.root) do
-        Dir["lib/allow_groups/*.rb"].each do |allow_group|
-          require "#{Rails.root}/#{allow_group}"
-        end
-      end
-      enable_actionpack
-      enable_activerecord
-    end
-    def enable_actionpack
-      load 'role_authorization/exts/view.rb'
-      unless ActionView::Base.instance_methods.include? :link_to_or_show
-        ActionView::Base.class_eval { include Exts::View }
-      end
-      load 'role_authorization/exts/session.rb'
-      load 'role_authorization/exts/controller.rb'
-      unless ActionController::Base.instance_methods.include? :authorized?
-        ActionController::Base.class_eval { include Exts::Session }
-        ActionController::Base.class_eval { include Exts::Controller }
-      end
-    end
-    def enable_activerecord
-      load 'role_authorization/exts/model.rb'
-      unless ActiveRecord::Base.instance_methods.include? :roleable
-        ActiveRecord::Base.class_eval { include Exts::Model }
-      end
-      load 'role_authorization/exts/user.rb'
-    end
-    def load_controller_classes
-      @controller_classes = {}
-      maybe_load_framework_controller_parent
-      Dir.chdir("#{Rails.root}/app/controllers") do
-        Dir["**/*.rb"].sort.each do |c|
-          next if c.include?("application")
-          rola_load(c)
-        end
-      end
-#       if ENV['RAILS_ENV'] != 'production'
-#         if ActiveSupport.const_defined?("Dependencies")
-#           ActiveSupport::Dependencies.clear
-#         else
-#           Dependencies.clear
-#         end
-#       end
-    end
-    def maybe_load_framework_controller_parent
-      if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
-        filename = "application_controller.rb"
-      else
-        filename = "application.rb"
-      end
-      require_or_load(filename)
-    end
-    def rola_load(filename)
-      klass = class_name_from_file(filename)
-      require_or_load(filename)
-      @controller_classes[klass] = qualified_const_get(klass)
-    end
-    def require_or_load(filename)
-      if ActiveSupport.const_defined?("Dependencies")
-        ActiveSupport::Dependencies.require_or_load(filename)
-      else
-        Dependencies.require_or_load(filename)
-      end
-    end
-    def class_name_from_file(str)
-      str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
-    end
-    def qualified_const_get(klass)
-      if klass =~ /::/
-        namespace, klass = klass.split("::")
-        eval(namespace).const_get(klass)
-      else
-        const_get(klass)
-      end
-    end
-  end
-end

data/lib/role_authorization/exts/controller.rb DELETED Viewed

@@ -1,126 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Controller
-      def self.included(base)
-        base.class_eval do
-          helper_method :authorized?
-          helper_method :accessible?
-        end
-        base.send :extend, RoleAuthorization::Ruleset::ClassMethods
-        base.send :cattr_ruleset, :ruleset, :allowable_groups
-        base.send :extend, ClassMethods
-        base.send :include, InstanceMethods
-      end
-      module ClassMethods
-        def allow_group(*args)
-          add_to_allowable_groups(self.controller_rule_name, args)
-          add_role_authorization_filter
-        end
-        def allow(&block)
-          add_to_ruleset(self.controller_rule_name, &block)
-          add_role_authorization_filter
-        end
-        def add_role_authorization_filter
-          callbacks = _process_action_callbacks
-          chain = callbacks.select {|cl| cl.klass.to_s.include?(name)}.collect(&:filter).select {|c| c.is_a?(Symbol)}
-          before_filter :check_request_authorization unless chain.include?(:check_request_authorization)
-        end
-        def controller_rule_name
-          @controller_rule_name ||= name.gsub('Controller', '').underscore.downcase
-        end
-        def controller_model
-          @controller_model ||= name.gsub('Controller', '').singularize
-        end
-      end # ClassMethods
-      module InstanceMethods
-        def check_request_authorization
-          unless authorized_action?(self, self.class.controller_rule_name, action_name.to_sym, params[:id])
-            raise SecurityError, "You do not have the required clearance to access this resource."
-          end
-        end
-        def authorized_action?(controller_klass, controller, action, id = nil)
-          # by default admins see everything
-          return true if current_user_is_admin?
-          ruleset = self.class.ruleset[controller]
-          groups = RoleAuthorization::AllowGroup.get(self.class.allowable_groups[controller])
-          if defined?(DEBUG_AUTHORIZATION_RULES) == 'constant'
-            Rails.logger.info "#" * 60
-            Rails.logger.info ruleset.to_s
-            Rails.logger.info "#" * 60
-          end
-          # we have no ruleset for this controller or any allow groups so deny
-          return false if ruleset.nil? && groups.empty?
-          # first check controller ruleset
-          unless ruleset.nil?
-            return true if ruleset.authorized?(controller_klass, controller, :all, id)
-            return true if ruleset.authorized?(controller_klass, controller, action, id)
-          end
-          # next check any allow groups
-          unless groups.empty?
-            groups.each do |group|
-              return true if group.authorized?(controller_klass, controller, :all, id)
-              return true if group.authorized?(controller_klass, controller, action, id)
-            end
-          end
-          # finally deny if they haven't passed any rules
-          return false
-        end
-        def accessible?(access_role)
-          return true if current_user_is_admin?
-          return false if access_role.nil?
-          return true if access_role.name.to_sym == :public
-          return false if session[:access_rights].nil?
-          session[:access_rights].include?(access_role.name.to_sym)
-        end
-        def authorized?(url, method = nil)
-          return false unless url
-          return true if current_user_is_admin?
-          method ||= (params[:method] || request.method)
-          url_parts = URI::split(url.strip)
-          path = url_parts[5]
-          begin
-            hash = Rails.application.routes.recognize_path(path, :method => method)
-            return authorized_action?(self, hash[:controller], hash[:action].to_sym, hash[:id]) if hash
-          rescue Exception => e
-            Rails.logger.error e.inspect
-            e.backtrace.each {|line| Rails.logger.error line }
-            # continue on
-          end
-          # Mailto link
-          return true if url =~ /^mailto:/
-          # Public file
-          file = File.join(Rails.root, 'public', url)
-          return true if File.exists?(file)
-          # Passing in different domain
-          return remote_url?(url_parts[2])
-        end
-        def remote_url?(domain = nil)
-          return false if domain.nil? || domain.strip.length == 0
-          request.host.downcase != domain.downcase
-        end
-      end # InstanceMethods
-    end
-  end
-end

data/lib/role_authorization/exts/model.rb DELETED Viewed

@@ -1,126 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Model
-      def self.included(base)
-        base.send :extend, ClassMethods
-        base.send :include, InstanceMethods
-      end
-      module ClassMethods
-        def roleable_options
-          @roleable_options
-        end
-        def roleable_options=(options)
-          @roleable_options = options
-        end
-        def roleable options = {}
-          has_many :roles, :as => :roleable, :dependent => :delete_all
-          after_create :create_roles
-          send(:extend, SpecificClassMethods)
-          options[:name] ||= :class
-          options[:priority] ||= {}
-          options[:creation_priority] ||= {}
-          options[:roles] ||= [:default]
-          options[:roles].each do |role_name|
-            options[:priority][role_name] ||= 1
-            options[:creation_priority][role_name] ||= 1
-          end
-          options[:cache] = {}
-          @roleable_options = options
-        end # roleable
-        def enrolled(role_name)
-          roles = Role.all(:conditions => {:roleable_type => self.to_s, :name => role_name.to_s})
-          unless roles.empty?
-            roles.collect(&:users).flatten
-          else
-            []
-          end
-        end
-      end # ClassMethods
-      module SpecificClassMethods
-        def reset_roles
-          all.map(&:reset_roles)
-        end
-      end
-      module InstanceMethods
-        def reset_roles
-          options = self.class.roleable_options
-          mroles = roles.all
-          rejected_roles = mroles.reject {|r| options[:roles].include?(r.name.to_sym)}
-          rejected_roles.map {|rejected_role| rejected_role.destroy}
-          valid_roles = mroles - rejected_roles
-          valid_role_names = valid_roles.collect(&:name)
-          new_roles = options[:roles].select {|role| !valid_role_names.include?(role.to_sym)}
-          valid_roles.each do |role|
-            if roles.find_by_name(role.name.to_s).nil?
-              roles.create(:name => role.name.to_s,
-                           :display_name => "#{self.send(options[:name])} #{role.name.to_s}",
-                           :creation_priority => options[:creation_priority][role.name.to_s],
-                           :priority => options[:priority][role.name.to_s])
-            end
-          end
-          new_roles.each do |role|
-            roles.create(:name => role.to_s,
-                         :display_name => "#{self.send(options[:name])} #{role.to_s}",
-                         :creation_priority => options[:creation_priority][role],
-                         :priority => options[:priority][role])
-          end
-          roles(true).all
-        end
-        def enroll(user, role)
-          options = self.class.roleable_options
-          role = role.is_a?(Integer) ? roles.find_by_id(role) : roles.find_by_name(role.to_s)
-          user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-          unless role.nil?
-            role.user_roles.create(:user_id => user_id)
-          end
-        end
-        alias_method :assign, :enroll
-        def enrolled(role)
-          role = roles.find_by_name(role.to_s)
-          unless role.nil?
-            role.users
-          else
-            []
-          end
-        end
-        def withdraw(user, role = nil)
-          options = self.class.roleable_options
-          role = role.is_a?(Integer) ? roles.find_by_id(role, :include => :user_roles) : roles.find_by_name(role.to_s, :include => :user_roles)
-          user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-          unless role.nil?
-            role.user_roles.first(:conditions => {:user_id => user_id}).try(:destroy)
-          else
-            UserRole.all(:conditions => {:user_id => user_id, :role_id => role_ids}).map(&:destroy)
-          end
-        end
-        private
-        def create_roles
-          options = self.class.roleable_options
-          options[:roles].each do |role|
-            roles.create(:name => role.to_s,
-                         :display_name => "#{self.send(options[:name])} #{role.to_s}",
-                         :creation_priority => options[:creation_priority][role],
-                         :priority => options[:priority][role])
-          end
-        end # create_user_roles
-      end # InstanceMethods
-    end
-  end
-end

data/lib/role_authorization/exts/session.rb DELETED Viewed

@@ -1,52 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module Session
-      def self.included(base)
-        base.send :include, InstanceMethods
-        base.class_eval do
-          helper_method :current_user_is_admin?
-          helper_method :admin?
-          helper_method :access_in_role?
-        end
-      end
-      module InstanceMethods
-        protected
-        def add_role_authorization_session_values(user = nil)
-          user ||= current_user
-          if user
-            roles = user.roles.where({:roleable_id => nil}).all
-            session[:access_rights] = roles.collect {|role| role.name.to_sym}
-          end
-        end
-        def current_user_is_admin?
-          !session[:access_rights].nil? && session[:access_rights].include?(:all)
-        end
-        def admin?
-          current_user_is_admin?
-        end
-        def access_in_role?(role)
-          return true if current_user_is_admin?
-          return true if session_access_rights_include?(role)
-          false
-        end
-        def session_access_rights_include?(role)
-          return false unless session[:access_rights]
-          session[:access_rights].include?(role)
-        end
-        def reset_role_authorization_session
-          [:access_rights].each do |val|
-            session[val] = nil if session[val]
-          end
-        end
-      end
-    end
-  end
-end