role_authorization 0.1.6 → 0.2.0
- data/Gemfile.lock +1 -1
- data/lib/rails/role_authorization.rb +9 -1
- data/lib/role_authorization/active_record.rb +7 -0
- data/lib/role_authorization/{allow_group.rb → controller/allow_group.rb} +0 -0
- data/lib/role_authorization/controller/mapper.rb +44 -0
- data/lib/role_authorization/{ruleset.rb → controller/ruleset.rb} +3 -5
- data/lib/role_authorization/controller.rb +117 -0
- data/lib/role_authorization/roles/manager.rb +84 -0
- data/lib/role_authorization/roles/role.rb +66 -0
- data/lib/role_authorization/roles/role_group.rb +16 -0
- data/lib/role_authorization/roles.rb +14 -0
- data/lib/role_authorization/rules/defaults.rb +25 -0
- data/lib/role_authorization/rules/rule.rb +33 -0
- data/lib/role_authorization/rules.rb +12 -0
- data/lib/role_authorization/user.rb +121 -0
- data/lib/role_authorization/version.rb +1 -1
- data/lib/role_authorization/view_security.rb +114 -0
- data/lib/role_authorization.rb +61 -1
- metadata +16 -17
- data/lib/role_authorization/base.rb +0 -116
- data/lib/role_authorization/exts/controller.rb +0 -126
- data/lib/role_authorization/exts/model.rb +0 -126
- data/lib/role_authorization/exts/session.rb +0 -52
- data/lib/role_authorization/exts/user.rb +0 -58
- data/lib/role_authorization/exts/view.rb +0 -77
- data/lib/role_authorization/mapper.rb +0 -76
- data/lib/role_authorization/rules/access.rb +0 -88
- data/lib/role_authorization/rules/basic.rb +0 -22
- data/lib/role_authorization/rules/custom.rb +0 -32
- data/lib/role_authorization/rules/object_role.rb +0 -51
- data/lib/role_authorization/rules/resource.rb +0 -106
- data/lib/role_authorization/rules/user.rb +0 -70
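--- a/data/lib/role_authorization/view_security.rb
+++ b/data/lib/role_authorization/view_security.rb
@@ -0,0 +1,114 @@
+module RoleAuthorization
+module ViewSecurity
+def self.included(base)
+base.send(:include, InstanceMethods)
+base.class_eval do
+alias_method :link_to_open, :link_to
+alias_method :link_to, :link_to_secured
+
+alias_method :button_to_open, :button_to
+alias_method :button_to, :button_to_secured
+
+alias_method :form_for_open, :form_for
+alias_method :form_for, :form_for_secured
+end
+end
+
+module InstanceMethods
+def form_for_secured(record_or_name_or_array, *args, &proc)
+options = args.last.is_a?(Hash) ? args.last : {}
+
+url = url_for(options[:url] || record_or_name_or_array)
+
+method = (options[:html] && options[:html].has_key?(:method)) ? options[:html][:method] : :post
+
+if authorized?(url, method)
+return form_for_open(record_or_name_or_array, *args, &proc)
+else
+return ""
+end
+end
+
+def link_to_secured(name, options = {}, html_options = nil)
+url = url_for(options)
+
+method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :get
+
+if authorized?(url, method)
+return link_to_open(name, url, html_options)
+else
+return ""
+end
+end
+
+def button_to_secured(name, options = {}, html_options = nil)
+url = url_for(options)
+
+method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :post
+
+if authorized?(url, method)
+return button_to_open(name, url, html_options)
+else
+return ""
+end
+end
+
+def link_to_or_show(name, options = {}, html_options = nil)
+lnk = link_to(name, options, html_options)
+lnk.length == 0 ? name : lnk
+end
+end # InstanceMethods
+
+module ClassMethods
+def load_controller_classes
+@controller_classes = {}
+
+maybe_load_framework_controller_parent
+
+Dir.chdir("#{Rails.root}/app/controllers") do
+Dir["**/*.rb"].sort.each do |c|
+next if c.include?("application")
+rola_load(c)
+end
+end
+end
+
+def maybe_load_framework_controller_parent
+if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
+filename = "application_controller.rb"
+else
+filename = "application.rb"
+end
+require_or_load(filename)
+end
+
+def rola_load(filename)
+klass = class_name_from_file(filename)
+require_or_load(filename)
+@controller_classes[klass] = qualified_const_get(klass)
+end
+
+def require_or_load(filename)
+if ActiveSupport.const_defined?("Dependencies")
+ActiveSupport::Dependencies.require_or_load(filename)
+else
+Dependencies.require_or_load(filename)
+end
+end
+
+def class_name_from_file(str)
+str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
+end
+
+def qualified_const_get(klass)
+if klass =~ /::/
+namespace, klass = klass.split("::")
+eval(namespace).const_get(klass)
+else
+const_get(klass)
+end
+end
+end
+extend ClassMethods
+end
+end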
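Review bot: `qualified_const_get` resolves namespaced controllers with `eval(namespace).const_get(klass)`, which string-evaluates a name built from file paths under app/controllers, and because `namespace, klass = klass.split("::")` keeps only the first two segments it resolves the wrong constant for anything nested more than one module deep. ActiveSupport is already relied on here (`camelize`), so the method body can simply be `klass.constantize`, which needs no eval and handles any nesting depth. Separately, `form_for_secured` falls back to `:post` unless `options[:html][:method]` is given, so a form for an existing record is presumably checked against the create route rather than the update request that form_for will actually emit; `authorized?` is not defined in this file, so confirm how it treats that case. These helpers only hide markup, so the controller-side filter has to stay the enforcement point.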
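--- a/data/lib/role_authorization.rb
+++ b/data/lib/role_authorization.rb
@@ -1,3 +1,63 @@
-
+# controller
+require 'role_authorization/controller/mapper'
+require 'role_authorization/controller/ruleset'
+require 'role_authorization/controller/allow_group'
+require 'role_authorization/controller'
+
+# roles
+require 'role_authorization/roles/manager'
+require 'role_authorization/roles/role'
+require 'role_authorization/roles/role_group'
+require 'role_authorization/roles'
+
+# active record
+require 'role_authorization/active_record'
+
+# rules
+require 'role_authorization/rules'
+require 'role_authorization/rules/rule'
+require 'role_authorization/rules/defaults'
+
+# exts
+require 'role_authorization/user'
+
 require 'rails/role_authorization' if defined?(Rails)
 
+module RoleAuthorization
+module ClassMethods
+def load_rules
+# load default rules
+Dir.chdir(File.dirname(__FILE__)) do
+Dir["rules/*.rb"].each do |rule_definition|
+require "#{File.dirname(__FILE__)}/#{rule_definition}"
+end
+end
+
+# load application rules
+Dir.chdir(Rails.root) do
+Dir["lib/rules/*.rb"].each do |rule_definition|
+require "#{Rails.root}/#{rule_definition}"
+end
+end
+
+# load allow groups
+Dir.chdir(Rails.root) do
+Dir["lib/allow_groups/*.rb"].each do |allow_group|
+require "#{Rails.root}/#{allow_group}"
+end
+end
+end
+
+def enable_view_security
+if RoleAuthorization.view_security
+require 'role_authorization/view_security'
+unless ActionView::Base.instance_methods.include? :link_to_or_show
+ActionView::Base.class_eval { include RoleAuthorization::ViewSecurity }
+end
+end
+end
+end
+extend ClassMethods
+end
+
+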
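Review bot: The guard in `enable_view_security`, `ActionView::Base.instance_methods.include? :link_to_or_show`, never matches on Ruby 1.8, where `instance_methods` returns strings, so a second call includes `RoleAuthorization::ViewSecurity` again and re-runs its `included` hook. That hook aliases `link_to_open` to whatever `link_to` currently is, which by then is `link_to_secured`, so the secured helpers would end up calling themselves. `unless ActionView::Base.method_defined?(:link_to_or_show)` behaves the same on 1.8 and 1.9. In `load_rules`, the `Dir.chdir` blocks change the process-wide working directory and the `Dir[...]` results are unsorted, so rule load order depends on the filesystem; `Dir[File.join(Rails.root, 'lib/rules/*.rb')].sort.each { |f| require f }` avoids both.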
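--- a/metadata
+++ b/metadata
@@ -2,7 +2,7 @@
 name: role_authorization
 version: !ruby/object:Gem::Version
 prerelease:
-version: 0.
+version: 0.2.0
 platform: ruby
 authors:
 - John 'asceth' Long
@@ -10,7 +10,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-03-
+date: 2011-03-08 00:00:00 -05:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -56,22 +56,21 @@ files:
 - Rakefile
 - lib/rails/role_authorization.rb
 - lib/role_authorization.rb
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/
-- lib/role_authorization/rules
-- lib/role_authorization/rules/
-- lib/role_authorization/rules/
-- lib/role_authorization/
-- lib/role_authorization/rules/user.rb
-- lib/role_authorization/ruleset.rb
+- lib/role_authorization/active_record.rb
+- lib/role_authorization/controller.rb
+- lib/role_authorization/controller/allow_group.rb
+- lib/role_authorization/controller/mapper.rb
+- lib/role_authorization/controller/ruleset.rb
+- lib/role_authorization/roles.rb
+- lib/role_authorization/roles/manager.rb
+- lib/role_authorization/roles/role.rb
+- lib/role_authorization/roles/role_group.rb
+- lib/role_authorization/rules.rb
+- lib/role_authorization/rules/defaults.rb
+- lib/role_authorization/rules/rule.rb
+- lib/role_authorization/user.rb
 - lib/role_authorization/version.rb
+- lib/role_authorization/view_security.rb
 - migrations/01_user_roles.rb
 - role_authorization.gemspec
 has_rdoc: true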
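--- a/data/lib/role_authorization/base.rb
+++ b/data/lib/role_authorization/base.rb
@@ -1,116 +0,0 @@
-module RoleAuthorization
-class << self
-# shortcut for <tt>enable_actionpack; enable_activerecord</tt>
-def enable
-# load rule mapper
-load 'role_authorization/mapper.rb'
-load 'role_authorization/ruleset.rb'
-load 'role_authorization/allow_group.rb'
-load 'role_authorization/rules/basic.rb'
-
-# load default rules
-Dir.chdir(File.dirname(__FILE__)) do
-Dir["rules/*.rb"].each do |rule_definition|
-require "#{File.dirname(__FILE__)}/#{rule_definition}"
-end
-end
-
-# load application rules
-Dir.chdir(Rails.root) do
-Dir["lib/rules/*.rb"].each do |rule_definition|
-require "#{Rails.root}/#{rule_definition}"
-end
-end
-
-# load allow groups
-Dir.chdir(Rails.root) do
-Dir["lib/allow_groups/*.rb"].each do |allow_group|
-require "#{Rails.root}/#{allow_group}"
-end
-end
-
-enable_actionpack
-enable_activerecord
-end
-
-def enable_actionpack
-load 'role_authorization/exts/view.rb'
-unless ActionView::Base.instance_methods.include? :link_to_or_show
-ActionView::Base.class_eval { include Exts::View }
-end
-
-load 'role_authorization/exts/session.rb'
-load 'role_authorization/exts/controller.rb'
-unless ActionController::Base.instance_methods.include? :authorized?
-ActionController::Base.class_eval { include Exts::Session }
-ActionController::Base.class_eval { include Exts::Controller }
-end
-end
-
-def enable_activerecord
-load 'role_authorization/exts/model.rb'
-unless ActiveRecord::Base.instance_methods.include? :roleable
-ActiveRecord::Base.class_eval { include Exts::Model }
-end
-
-load 'role_authorization/exts/user.rb'
-end
-
-def load_controller_classes
-@controller_classes = {}
-
-maybe_load_framework_controller_parent
-
-Dir.chdir("#{Rails.root}/app/controllers") do
-Dir["**/*.rb"].sort.each do |c|
-next if c.include?("application")
-rola_load(c)
-end
-end
-
-# if ENV['RAILS_ENV'] != 'production'
-# if ActiveSupport.const_defined?("Dependencies")
-# ActiveSupport::Dependencies.clear
-# else
-# Dependencies.clear
-# end
-# end
-end
-
-def maybe_load_framework_controller_parent
-if ::Rails::VERSION::MAJOR >= 3 || (::Rails::VERSION::MAJOR >= 2 && ::Rails::VERSION::MINOR >= 3)
-filename = "application_controller.rb"
-else
-filename = "application.rb"
-end
-require_or_load(filename)
-end
-
-def rola_load(filename)
-klass = class_name_from_file(filename)
-require_or_load(filename)
-@controller_classes[klass] = qualified_const_get(klass)
-end
-
-def require_or_load(filename)
-if ActiveSupport.const_defined?("Dependencies")
-ActiveSupport::Dependencies.require_or_load(filename)
-else
-Dependencies.require_or_load(filename)
-end
-end
-
-def class_name_from_file(str)
-str.split(".")[0].split("/").collect{|s| s.camelize }.join("::")
-end
-
-def qualified_const_get(klass)
-if klass =~ /::/
-namespace, klass = klass.split("::")
-eval(namespace).const_get(klass)
-else
-const_get(klass)
-end
-end
-end
-end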
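--- a/data/lib/role_authorization/exts/controller.rb
+++ b/data/lib/role_authorization/exts/controller.rb
@@ -1,126 +0,0 @@
-module RoleAuthorization
-module Exts
-module Controller
-def self.included(base)
-base.class_eval do
-helper_method :authorized?
-helper_method :accessible?
-end
-base.send :extend, RoleAuthorization::Ruleset::ClassMethods
-base.send :cattr_ruleset, :ruleset, :allowable_groups
-base.send :extend, ClassMethods
-
-base.send :include, InstanceMethods
-end
-
-module ClassMethods
-def allow_group(*args)
-add_to_allowable_groups(self.controller_rule_name, args)
-add_role_authorization_filter
-end
-
-def allow(&block)
-add_to_ruleset(self.controller_rule_name, &block)
-add_role_authorization_filter
-end
-
-def add_role_authorization_filter
-callbacks = _process_action_callbacks
-chain = callbacks.select {|cl| cl.klass.to_s.include?(name)}.collect(&:filter).select {|c| c.is_a?(Symbol)}
-before_filter :check_request_authorization unless chain.include?(:check_request_authorization)
-end
-
-def controller_rule_name
-@controller_rule_name ||= name.gsub('Controller', '').underscore.downcase
-end
-
-def controller_model
-@controller_model ||= name.gsub('Controller', '').singularize
-end
-end # ClassMethods
-
-module InstanceMethods
-def check_request_authorization
-unless authorized_action?(self, self.class.controller_rule_name, action_name.to_sym, params[:id])
-raise SecurityError, "You do not have the required clearance to access this resource."
-end
-end
-
-def authorized_action?(controller_klass, controller, action, id = nil)
-# by default admins see everything
-return true if current_user_is_admin?
-
-ruleset = self.class.ruleset[controller]
-groups = RoleAuthorization::AllowGroup.get(self.class.allowable_groups[controller])
-
-if defined?(DEBUG_AUTHORIZATION_RULES) == 'constant'
-Rails.logger.info "#" * 60
-Rails.logger.info ruleset.to_s
-Rails.logger.info "#" * 60
-end
-
-# we have no ruleset for this controller or any allow groups so deny
-return false if ruleset.nil? && groups.empty?
-
-# first check controller ruleset
-unless ruleset.nil?
-return true if ruleset.authorized?(controller_klass, controller, :all, id)
-return true if ruleset.authorized?(controller_klass, controller, action, id)
-end
-
-# next check any allow groups
-unless groups.empty?
-groups.each do |group|
-return true if group.authorized?(controller_klass, controller, :all, id)
-return true if group.authorized?(controller_klass, controller, action, id)
-end
-end
-
-# finally deny if they haven't passed any rules
-return false
-end
-
-def accessible?(access_role)
-return true if current_user_is_admin?
-return false if access_role.nil?
-return true if access_role.name.to_sym == :public
-return false if session[:access_rights].nil?
-session[:access_rights].include?(access_role.name.to_sym)
-end
-
-def authorized?(url, method = nil)
-return false unless url
-return true if current_user_is_admin?
-
-method ||= (params[:method] || request.method)
-url_parts = URI::split(url.strip)
-path = url_parts[5]
-
-begin
-hash = Rails.application.routes.recognize_path(path, :method => method)
-return authorized_action?(self, hash[:controller], hash[:action].to_sym, hash[:id]) if hash
-rescue Exception => e
-Rails.logger.error e.inspect
-e.backtrace.each {|line| Rails.logger.error line }
-# continue on
-end
-
-# Mailto link
-return true if url =~ /^mailto:/
-
-# Public file
-file = File.join(Rails.root, 'public', url)
-return true if File.exists?(file)
-
-# Passing in different domain
-return remote_url?(url_parts[2])
-end
-
-def remote_url?(domain = nil)
-return false if domain.nil? || domain.strip.length == 0
-request.host.downcase != domain.downcase
-end
-end # InstanceMethods
-end
-end
-end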
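--- a/data/lib/role_authorization/exts/model.rb
+++ b/data/lib/role_authorization/exts/model.rb
@@ -1,126 +0,0 @@
-module RoleAuthorization
-module Exts
-module Model
-def self.included(base)
-base.send :extend, ClassMethods
-base.send :include, InstanceMethods
-end
-
-module ClassMethods
-def roleable_options
-@roleable_options
-end
-
-def roleable_options=(options)
-@roleable_options = options
-end
-
-def roleable options = {}
-has_many :roles, :as => :roleable, :dependent => :delete_all
-after_create :create_roles
-
-send(:extend, SpecificClassMethods)
-
-options[:name] ||= :class
-
-options[:priority] ||= {}
-options[:creation_priority] ||= {}
-options[:roles] ||= [:default]
-options[:roles].each do |role_name|
-options[:priority][role_name] ||= 1
-options[:creation_priority][role_name] ||= 1
-end
-
-options[:cache] = {}
-@roleable_options = options
-end # roleable
-
-def enrolled(role_name)
-roles = Role.all(:conditions => {:roleable_type => self.to_s, :name => role_name.to_s})
-unless roles.empty?
-roles.collect(&:users).flatten
-else
-[]
-end
-end
-end # ClassMethods
-
-module SpecificClassMethods
-def reset_roles
-all.map(&:reset_roles)
-end
-end
-
-module InstanceMethods
-
-def reset_roles
-options = self.class.roleable_options
-
-mroles = roles.all
-rejected_roles = mroles.reject {|r| options[:roles].include?(r.name.to_sym)}
-rejected_roles.map {|rejected_role| rejected_role.destroy}
-
-valid_roles = mroles - rejected_roles
-valid_role_names = valid_roles.collect(&:name)
-new_roles = options[:roles].select {|role| !valid_role_names.include?(role.to_sym)}
-valid_roles.each do |role|
-if roles.find_by_name(role.name.to_s).nil?
-roles.create(:name => role.name.to_s,
-:display_name => "#{self.send(options[:name])} #{role.name.to_s}",
-:creation_priority => options[:creation_priority][role.name.to_s],
-:priority => options[:priority][role.name.to_s])
-end
-end
-new_roles.each do |role|
-roles.create(:name => role.to_s,
-:display_name => "#{self.send(options[:name])} #{role.to_s}",
-:creation_priority => options[:creation_priority][role],
-:priority => options[:priority][role])
-end
-roles(true).all
-end
-
-def enroll(user, role)
-options = self.class.roleable_options
-role = role.is_a?(Integer) ? roles.find_by_id(role) : roles.find_by_name(role.to_s)
-user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-unless role.nil?
-role.user_roles.create(:user_id => user_id)
-end
-end
-alias_method :assign, :enroll
-
-def enrolled(role)
-role = roles.find_by_name(role.to_s)
-unless role.nil?
-role.users
-else
-[]
-end
-end
-
-def withdraw(user, role = nil)
-options = self.class.roleable_options
-role = role.is_a?(Integer) ? roles.find_by_id(role, :include => :user_roles) : roles.find_by_name(role.to_s, :include => :user_roles)
-user_id = ((user.is_a?(Integer) || user.is_a?(String)) ? user.to_i : user.id)
-unless role.nil?
-role.user_roles.first(:conditions => {:user_id => user_id}).try(:destroy)
-else
-UserRole.all(:conditions => {:user_id => user_id, :role_id => role_ids}).map(&:destroy)
-end
-end
-
-private
-def create_roles
-options = self.class.roleable_options
-options[:roles].each do |role|
-roles.create(:name => role.to_s,
-:display_name => "#{self.send(options[:name])} #{role.to_s}",
-:creation_priority => options[:creation_priority][role],
-:priority => options[:priority][role])
-end
-end # create_user_roles
-end # InstanceMethods
-end
-end
-end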
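--- a/data/lib/role_authorization/exts/session.rb
+++ b/data/lib/role_authorization/exts/session.rb
@@ -1,52 +0,0 @@
-module RoleAuthorization
-module Exts
-module Session
-def self.included(base)
-base.send :include, InstanceMethods
-base.class_eval do
-helper_method :current_user_is_admin?
-helper_method :admin?
-helper_method :access_in_role?
-end
-end
-
-module InstanceMethods
-protected
-
-def add_role_authorization_session_values(user = nil)
-user ||= current_user
-
-if user
-roles = user.roles.where({:roleable_id => nil}).all
-session[:access_rights] = roles.collect {|role| role.name.to_sym}
-end
-end
-
-def current_user_is_admin?
-!session[:access_rights].nil? && session[:access_rights].include?(:all)
-end
-
-def admin?
-current_user_is_admin?
-end
-
-def access_in_role?(role)
-return true if current_user_is_admin?
-return true if session_access_rights_include?(role)
-false
-end
-
-def session_access_rights_include?(role)
-return false unless session[:access_rights]
-session[:access_rights].include?(role)
-end
-
-def reset_role_authorization_session
-[:access_rights].each do |val|
-session[val] = nil if session[val]
-end
-end
-end
-end
-end
-end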