role_authorization 0.1.6 → 0.2.0

data/lib/role_authorization/exts/user.rb

@@ -1,58 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module User
-      def self.included(base)
-        base.send :extend, ClassMethods
-        base.send :include, InstanceMethods
-
-        base.class_eval do
-          has_many :user_roles, :dependent => :delete_all
-          has_many :roles, :through => :user_roles
-        end
-      end
-
-      module ClassMethods
-        def enroll(user_id, role_name)
-          user = find_by_id(user_id.to_i)
-          user.enroll(role_name) unless user.nil?
-        end # enroll
-
-        def withdraw(user_id, role_name)
-          user = find_by_id(user_id.to_i)
-          user.withdraw(role_name) unless user.nil?
-        end # withdraw
-      end # ClassMethods
-
-      module InstanceMethods
-        # has_object_role? simply needs to return true or false whether a user has a role or not.
-        # It may be a good idea to have "admin" roles return true always
-        # Return false always for anonymous users
-        def has_object_role?(role, object)
-          return false if self.anonymous?
-
-          @object_user_roles ||= roles.all(:conditions => ["roleable_type IS NOT NULL and roleable_id IS NOT NULL"])
-          result = @object_user_roles.detect do |r|
-            r.roleable_type == object.class.to_s && r.roleable_id == object.id && r.name == role.to_s
-          end
-          !result.nil?
-        end
-
-        # adds a role to the user
-        def enroll(role_name)
-          role_id = role_name.is_a?(Integer) ? role_name : Role.find_by_name(role_name.to_s).try(:id)
-          user_roles.create(:role_id => role_id) if !role_id.nil? && self.user_roles.find_by_role_id(role_id).nil?
-        end
-
-        def withdraw(role_name)
-          role_id = role_name.is_a?(Integer) ? role_name : Role.find_by_name(role_name.to_s).try(:id)
-          UserRole.delete_all(["user_id = ? AND role_id = ?", self.id, role_id]) unless role_id.nil?
-        end
-
-        def admin?
-          return true if roles.include?(Role.get(:all))
-          false
-        end
-      end # InstanceMethods
-    end
-  end
-end

data/lib/role_authorization/exts/view.rb

@@ -1,77 +0,0 @@
-module RoleAuthorization
-  module Exts
-    module View
-       def self.included(base)
-         base.class_eval do
-           alias_method :link_to_open, :link_to
-           alias_method :link_to, :link_to_secured
-
-           alias_method :button_to_open, :button_to
-           alias_method :button_to, :button_to_secured
-
-           alias_method :form_for_open, :form_for
-           alias_method :form_for, :form_for_secured
-         end
-       end
-
-      def form_for_secured(record_or_name_or_array, *args, &proc)
-        options = args.last.is_a?(Hash) ? args.last : {}
-
-        url = url_for(options[:url] || record_or_name_or_array)
-
-        method = (options[:html] && options[:html].has_key?(:method)) ? options[:html][:method] : :post
-
-        if authorized?(url, method)
-          return form_for_open(record_or_name_or_array, *args, &proc)
-        else
-          return ""
-        end
-      end
-
-      def link_to_secured(name, options = {}, html_options = {})
-        url = url_for(options)
-
-        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :get
-
-        if authorized?(url, method)
-          return link_to_open(name, url, html_options)
-        else
-          return ""
-        end
-      end
-
-      def button_to_secured(name, options = {}, html_options = {})
-        url = url_for(options)
-
-        method = (html_options && html_options.has_key?(:method)) ? html_options[:method] : :post
-
-        if authorized?(url, method)
-          return button_to_open(name, url, html_options)
-        else
-          return ""
-        end
-      end
-
-      def role(*user_roles, &block)
-        if block_given? && !session[:access_rights].blank? && !(user_roles & session[:access_rights]).empty?
-          capture_haml(&block)
-        end
-      end
-
-      def permitted_to?(url, method, &block)
-        capture_haml(&block) if block_given? && authorized?(url, method)
-      end
-
-      def link_to_or_show(name, options = {}, html_options = nil)
-        lnk = link_to(name, options, html_options)
-        lnk.length == 0 ? name : lnk
-      end
-
-      def links(*lis)
-        rvalue = []
-        lis.each{|link| rvalue << link if link.length > 0 }
-        rvalue.join(' | ')
-      end
-    end # View
-  end
-end

data/lib/role_authorization/mapper.rb

@@ -1,76 +0,0 @@
-module RoleAuthorization
-  class Mapper
-    def initialize(controller_klass)
-      @controller_klass = controller_klass
-      @rules = Hash.new do |h,k|
-        h[k] = Hash.new do |h1,k1|
-          h1[k1] = Array.new
-        end
-      end
-      self
-    end
-
-    def to_s
-      output = []
-      @rules.each_pair do |action, rules|
-        output << "Action :#{action}"
-        output << "    allow roles #{rules[:roles].inspect}" unless rules[:roles].nil? || rules[:roles].empty?
-        rules[:rules].map {|rule| output << "    #{rule.to_s}"} if rules.has_key?(:rules)
-        output << ""
-        output << ""
-      end
-
-      output.join("\n")
-    end
-
-    # special role rules
-    def all(options={}, &block)
-      options.assert_valid_keys(:only)
-      rule(:all, :role, options, &block)
-    end
-
-    def role(user_role, options={}, &block)
-      options.assert_valid_keys(:check, :only)
-      rule(user_role, :role, options, &block)
-    end
-
-    def authorized?(controller_instance, controller, action, id = nil)
-      rules = @rules[action]
-
-      return false if rules.empty?
-      return true if rules[:roles].include?(:all)
-      unless controller_instance.session[:access_rights].nil?
-        return true if !(rules[:roles] & controller_instance.session[:access_rights]).empty?
-      end
-
-      if rules.has_key?(:rules)
-        rules[:rules].each do |rule|
-          return true if rule.authorized?(controller_instance, controller, action, id)
-        end
-      end
-
-      return false
-    end
-
-    private
-
-    # rule method
-    def rule(user_role, type, options={}, &block)
-      actions = [options.delete(:only) || [:all]].flatten.collect {|v| v.to_sym}
-
-      case type
-      when :role
-        irule = nil
-        role_or_type = user_role
-      else
-        irule = "RoleAuthorization::Rules::#{type.to_s.camelize}".constantize.new(@controller_klass, options.merge(:role => user_role), &block)
-        role_or_type = type
-      end
-
-      actions.each do |action|
-        @rules[action][:roles] << role_or_type if irule.nil?
-        @rules[action][:rules] << irule unless irule.nil?
-      end
-    end
-  end
-end

data/lib/role_authorization/rules/access.rb

@@ -1,88 +0,0 @@
-module RoleAuthorization
-  # define our rule helper in Mapper
-  class Mapper
-    def access(options={}, &block)
-      options.assert_valid_keys(:resource, :only, :no_send)
-      rule(:access, :access, options, &block)
-    end
-  end
-
-  module Rules
-    class Access < Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        @options = {:no_send => false}.merge(options)
-        @block = block
-        @mapper = nil
-
-        unless @block.nil?
-          @mapper = RoleAuthorization::Mapper.new(@controller_klass)
-          @mapper.instance_eval(&@block)
-        end
-        self
-      end
-
-      def to_s
-        output = ["allow current_user with access role of requested #{[controller_name.singularize, @options[:check]].compact.join('.')}"]
-        output << @mapper.to_s
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        object = find_object(controller_instance, controller, action, id)
-        unless object.nil?
-          return true if controller_instance.accessible?(object.access_role)
-        end
-
-        if !@mapper.nil? && object.try(:access_role).nil?
-          return true if @mapper.authorized?(controller_instance, controller, action, object)
-        end
-        return false
-      end
-
-      def find_object(controller_instance, controller, action, id)
-        object = nil
-        instance_found = false
-
-        if id.is_a?(Integer) || id.is_a?(String)
-          # id is a parameter passed in
-          # we use the :resource option to find the right instance variable
-          object = controller_instance.instance_variable_get('@' + @options[:resource].to_s) rescue nil
-          instance_found = true unless object.nil?
-
-          if object.nil? && controller_instance.instance_variable_get('@' + controller)
-            collection = controller_instance.instance_variable_get('@' + controller)
-            object = collection.detect {|item| item.andand.id == id.to_i}
-          end
-
-          if object.nil?
-            model = controller.singularize.camelize.constantize
-            if model.respond_to?(:to_param_column)
-              finder = "find_by_#{model.to_param_column}".to_sym
-            else
-              finder = :find_by_id
-              id = id.to_i
-            end
-
-            object = model.send(finder, id)
-          end
-
-          unless object.nil?
-            if @options.has_key?(:resource) && !@options[:no_send] && !instance_found && object.respond_to?(@options[:resource])
-              object = object.send(@options[:resource])
-            end
-          end
-        elsif id.is_a?(ActiveRecord::Base) && @options.has_key?(:resource)
-          # id is already a model record so this is a nested rule
-
-          # first try to find it as an instance variable
-          object = controller_instance.instance_variable_get('@' + @options[:resource].to_s) rescue nil
-
-          # next we call id's method to find it
-          object = id.send(@options[:resource]) if object.nil?
-        end
-
-        return object
-      end
-    end # Access
-  end
-end

data/lib/role_authorization/rules/basic.rb

@@ -1,22 +0,0 @@
-module RoleAuthorization
-  module Rules
-    class Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        self
-      end
-
-      def to_s
-        "deny all (basic rule)"
-      end
-
-      def controller_name
-        @controller_klass.to_s.gsub('Controller', '')
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        return false
-      end
-    end
-  end
-end

data/lib/role_authorization/rules/custom.rb

@@ -1,32 +0,0 @@
-module RoleAuthorization
-  # define our rule helper in Mapper
-  class Mapper
-    def custom(options={}, &block)
-      options.assert_valid_keys(:only, :description)
-      rule(:custom, :custom, options, &block)
-    end
-  end
-
-  module Rules
-    class Custom < Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        @options = options
-        @block = block
-        self
-      end
-
-      def to_s
-        "allow when custom rule (#{@options[:description]}) returns true"
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        unless @block.nil?
-          result = @block.call(controller_instance)
-          return true unless result == false || result.nil?
-        end
-        return false
-      end
-    end
-  end
-end

data/lib/role_authorization/rules/object_role.rb

@@ -1,51 +0,0 @@
-module RoleAuthorization
-  # define our rule helper in Mapper
-  class Mapper
-    def object_role(user_role, options={}, &block)
-      options.assert_valid_keys(:only, :resource, :type)
-      rule(user_role, :object_role, options, &block)
-    end
-  end
-
-  module Rules
-    class ObjectRole < Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        @options = options
-        self
-      end
-
-      def to_s
-        if @options[:resource]
-          "allow when current_user has the role (#{@options[:role]}) for a specific object (#{@options[:resource]})"
-        else
-          "allow when current_user has the role (#{@options[:role]}) for any object of type #{@options[:type]}"
-        end
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        object = @options[:resource].nil? ? nil : find_object(controller_instance) if @options[:resource]
-
-        if object
-          return true if controller_instance.current_user.has_object_role?(object, @options[:role])
-        elsif @options[:type].constantize.respond_to?(:enrolled)
-          return true if @options[:type].constantize.enrolled(@options[:role]).include?(controller_instance.current_user)
-        end
-
-        return false
-      end
-
-      def find_object(controller_instance)
-        # try to find as instance variable
-        object = controller_instance.instance_variable_get("@#{@options[:resource]}".to_sym) rescue nil
-
-        # try to find based on params
-        if object.nil? && !controller_instance.params["#{@options[:resource]}_id"].blank?
-          object = @options[:type].constantize.find_by_id(controller_instance.params["#{@options[:resource]}_id"])
-        end
-
-        object
-      end
-    end
-  end
-end

data/lib/role_authorization/rules/resource.rb

@@ -1,106 +0,0 @@
-module RoleAuthorization
-  # define our rule helper in Mapper
-  class Mapper
-    def resource(user_role, options={}, &block)
-      options.assert_valid_keys(:resource, :only, :no_send)
-      rule(user_role, :resource, options, &block)
-    end
-  end
-
-  module Rules
-    class Resource < Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        @options = {:no_send => false}.merge(options)
-        @block = block
-        @mapper = nil
-
-        unless @block.nil?
-          @mapper = RoleAuthorization::Mapper.new(@controller_klass)
-          @mapper.instance_eval(&@block)
-        end
-        self
-      end
-
-      def to_s
-        output = ["allow current_user with role :#{@options[:role]} of requested resource #{@options[:resource]}"]
-        output << @mapper.to_s
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        object = find_object(controller_instance, controller, action, id)
-        return true if controller_instance.current_user.has_object_role?(@options[:role], object) unless object.nil?
-
-        unless @mapper.nil?
-          return true if @mapper.authorized?(controller_instance, controller, action, object)
-        end
-
-        return false
-      end
-
-      def find_object(controller_instance, controller, action, id)
-        object = nil
-        instance_found = false
-
-        if id.is_a?(Integer) || id.is_a?(String)
-          # id is a parameter passed in
-          # we use the :resource option to find the right instance variable
-          object = controller_instance.instance_variable_get('@' + @options[:resource].to_s) rescue nil
-          instance_found = true unless object.nil?
-
-          if controller_instance.instance_variable_defined?('@' + controller)
-            collection = controller_instance.instance_variable_get('@' + controller)
-            object = collection.detect {|item| item.andand.id == id.to_i}
-          end
-
-          if object.nil?
-            model = controller.singularize.camelize.constantize
-            if model.respond_to?(:to_param_column)
-              finder = "find_by_#{model.to_param_column}".to_sym
-            else
-              finder = :find_by_id
-              id = id.to_i
-            end
-
-            object = model.send(finder, id)
-          end
-
-          unless object.nil?
-            if @options.has_key?(:resource) && !@options[:no_send] && !instance_found && object.respond_to?(@options[:resource])
-              object = object.send(@options[:resource])
-            end
-          end
-        elsif id.is_a?(ActiveRecord::Base) && @options.has_key?(:resource)
-          # id is already a model record so this is a nested rule
-
-          # first try to find it as an instance variable
-          object = controller_instance.instance_variable_get('@' + @options[:resource].to_s) rescue nil
-
-          if id.respond_to?("#{@options[:resource]}_id") && controller_instance.instance_variable_defined?('@' + @options[:resource].to_s.pluralize)
-            collection = controller_instance.instance_variable_get('@' + @options[:resource].to_s.pluralize)
-            object = collection.detect {|item| item.andand.id == id.send("#{@options[:resource]}_id")}
-          end
-
-          # next we call id's method to find it
-          object = id.send(@options[:resource]) if object.nil?
-        elsif id.nil?
-          # no id means we must be using an association or parent resource for this rule
-
-          if @options.has_key?(:resource)
-            object_base = @options[:resource].to_s
-            object_id = controller_instance.params["#{object_base}_id".to_sym]
-
-            unless object_id.nil?
-              object = controller_instance.instance_variable_get('@' + object_base) rescue nil
-              object = nil unless object.id == object_id
-
-              object = object_base.to_s.camelize.constantize.find_by_id(object_id.to_i) if object.nil?
-            end
-          end
-        end
-
-        return object
-      end # find object
-    end
-  end
-end

data/lib/role_authorization/rules/user.rb

@@ -1,70 +0,0 @@
-module RoleAuthorization
-  # define our rule helper in Mapper
-  class Mapper
-    def user(options={}, &block)
-      options.assert_valid_keys(:check, :only, :resource, :association)
-      rule(:user, :user, options, &block)
-    end
-  end
-
-  module Rules
-    class User < Basic
-      def initialize(controller, options, &block)
-        @controller_klass = controller
-        @options = options
-        self
-      end
-
-      def to_s
-        "allow when current_user.id == #{[@options[:resource], @options[:association], @options[:check]].compact.join('.')}"
-      end
-
-      def authorized?(controller_instance, controller, action, id)
-        object = find_object(controller_instance, controller, action, id)
-
-        unless object.nil?
-          [object].flatten.each do |obj|
-            return true if controller_instance.current_user.owns?(obj.send(@options[:check]))
-          end
-        end
-
-        return false
-      end
-
-      def find_object(controller_instance, controller, action, id)
-        object = nil
-
-        if id.nil? && !@options[:resource].nil?
-          if controller_instance.instance_variable_defined?('@' + @options[:resource].to_s)
-            object = controller_instance.instance_variable_get('@' + @options[:resource].to_s)
-          end
-          model = @options[:resource].to_s.camelize.constantize
-        elsif id.is_a?(Integer) || id.is_a?(String)
-          if controller_instance.instance_variable_defined?('@' + controller)
-            collection = controller_instance.instance_variable_get('@' + controller)
-            object = collection.detect {|item| item.andand.id == id.to_i}
-          end
-          model = controller.singularize.camelize.constantize
-        elsif id.is_a?(ActiveRecord::Base) && @options.has_key?(:check)
-          object = id
-        end
-
-        if object.nil?
-          if model.respond_to?(:to_param_column)
-            finder = "find_by_#{model.to_param_column}".to_sym
-          else
-            finder = :find_by_id
-            id = id.to_i
-          end
-          object = model.send(finder, id)
-        end
-
-        unless object.nil? || @options[:check].nil?
-          object = @options[:association].nil? ? object : object.send(@options[:association])
-        end
-
-        object
-      end
-    end # User
-  end
-end