role_based_authorization 0.2.1 → 0.3.0

data/README.rdoc

@@ -5,25 +5,26 @@ This library provide a very simple authorization system. It should work fine wit
 for my needs. 
 
 Installation:
+
 * install the role_based_authorization by issuing:
-	gem install role_based_authorization
+        gem install role_based_authorization
   or by adding
-	config.gem "role_based_authorization"
+        config.gem "role_based_authorization"
   to your rails config file and then running 'rake gems:install'
 
   
 * in your application controller: include the module RoleBasedAuthorization:
 
-	class ApplicationController < ActionController::Base
-	  [...]
-	  include RoleBasedAuthorization
-	  [...]
-	end
+        class ApplicationController < ActionController::Base
+          [...]
+          include RoleBasedAuthorization
+          [...]
+        end
 			
 * in your controller classes: use the permission statements (described below) to grant and deny authorizations to the controller methods.
 
 
-The inclusion of RoleBasedAuthorization serves three purposes: it allows subclasses of the application controller to use the 'permit' method during their definition, it and provides an "authorized?" method that implements the authorization logic, and it creates an helper method to be used in views.
+The inclusion of RoleBasedAuthorization serves three purposes: it allows subclasses of the application controller to use the 'permit' method during their definition, it provides an "authorized?" method that implements the authorization logic, and it creates an helper method to be used in views.
 
 == Requirements
 
@@ -43,32 +44,33 @@ You can specify your authorization logic by adding a number of 'permit' calls to
 An important thing to keep in mind is that role_based_authorization assumes that EVERYTHING IS FORBIDDEN unless otherwise specified. Then, if you do not specify any permission rule, you will end up with a very secure (though useless) application.
 
 The permission statement takes the form:
-
-	permit 	:actions => [list of actions], 
-			:to  => [list of roles], 
-			:if  => lambda_expression,
-			:object_id => object_id_symbol
+         permit :actions => [list of actions], 
+                 :to  => [list of roles], 
+                 :if  => lambda_expression,
+                 :object_id => object_id_symbol
 
 you can add any number of these in anyone of your controller.
 
 permit options:
 
-<b>:to</b>::  
-	the list of roles interested by this rule. The actual contents of this list depends on what your application defines to be a role. If you use integers, it could be a vector like [1,4] or as [ROOT, ADMIN], where ROOT and ADMIN are symbolic costants containing the corresponding integer values. You can specify all roles by specifying :all in place of the role list.
+<b>:to</b>::
+  the list of roles interested by this rule. The actual contents of this list depends on what your application defines to be a role. If you use integers, it could be a vector like [1,4] or as [ROOT, ADMIN], where ROOT and ADMIN are symbolic costants containing the corresponding integer values. You can specify all roles by specifying :all in place of the role list.
+
 
 <b>:actions</b>::  
-	the list of actions that are permitted to the mentioned roles. Actions are actual method names of the current controller and can be given as symbols or as strings. For instance ['index', 'show'] is equivalent to [:index, :show]. You can grant access to all actions by specifying :all instead of the action list. 
+  the list of actions that are permitted to the mentioned roles. Actions are actual method names of the current controller and can be given as symbols or as strings. For instance ['index', 'show'] is equivalent to [:index, :show]. You can grant access to all actions by specifying :all instead of the action list. 
+
 
 <b>:if</b>:: 
-	a lambda expression that verifies additional conditions. The lambda expression takes two arguments: the current user and the id of an object. For instance you may want to verify that "normal" users could only modify objects that they own. You can say that by specifying: 
-		permit :actions => [:edit, :update], 
-			:to => [NORMAL], 
-			:if => lambda { |user, obj_id| TheObject.find(obj_id).owner == user }
-			
+  a lambda expression that verifies additional conditions. The lambda expression takes two arguments: the current user and the id of an object. For instance you may want to verify that "normal" users could only modify objects that they own. You can say that by specifying: 
+        permit :actions => [:edit, :update], 
+               :to => [NORMAL], 
+               :if => lambda { |user, obj_id| TheObject.find(obj_id).owner == user }
+
 <b>:object_id</b>:: 
-	normally the object id passed to the lambda expression of the :if option is retrieved from the params hash using :id (i.e. normally obj_id = params[:id]), you can specify other identifiers using this option, e.g.:
-		:object_id => :product_id
-	specifies that :product_id should be used instead of :id.
+  normally the object id passed to the lambda expression of the <tt>:if</tt> option is retrieved from the params hash using <tt>:id</tt> (i.e. normally <tt>obj_id = params[:id]</tt>), you can specify other identifiers using this option, e.g.: 
+     <tt>:object_id => :product_id</tt>
+  specifies that :product_id should be used instead of :id.
 
 == authorized?
 
@@ -84,21 +86,20 @@ This is a more general version of :authorized?. The difference between the two i
 == if_authorized? helper method	
 
 It often happens that parts of a view is to be displayed only if a given action is authorized. This clutters your view with code like:
-
-	if authorize_action?(:controller => xxx, :action => yyy) .... link_to 'zzz', :controller => xxx, :action => yyy end
+   if authorize_action?(:controller => xxx, :action => yyy) .... link_to 'zzz', :controller => xxx, :action => yyy end
 
 clearly there is a lot of duplication in this code. if_authorized? takes the same parameters as authorize_action? and a block. The block is called only if authorize_action? returns true and the parameters are passed to the block. This allows to clean up your view as follows:
 
-	if_authorized?(:controller => xxx, :action => yyy) do |opts|
-		...
-		link_to 'zzz', opts
-	end
+  if_authorized?(:controller => xxx, :action => yyy) do |opts|
+     ...
+     link_to 'zzz', opts
+  end
 	
 This works also if you use resource paths as in:
 
-	if_authorized?( edit_product_path ) do |opts|
-		link_to 'zzz', opts
-	end
+  if_authorized?( edit_product_path ) do |opts|
+     link_to 'zzz', opts
+  end
 	
 == Logging
 
@@ -109,43 +110,43 @@ The authorization system logs each access attempt to #{Rails.root}/log/authoriza
 
 I usually add a Roles class to my project (I place it in the model directory even though it is not connected to any db table). It's definition is:
 
-	class Role
-	  # define below valid roles for your application
-	  ROLES = { :user => 1, :administrator => 2, :root => 3 }
-  
-	  # call this function in your permit actions 
-	  def Role.[](role)
-	    role = ROLES[role]
-	    raise "given role '#{role}' is not valid" if role.nil?
-	    return role
-	  end
-	end
-
-This allows me to write Role[:root] to specify the root role.
-
-Example 1: Grant all powers to the root role (this rule is usually found in your application controller)
+        class Role
+          # define below valid roles for your application
+          ROLES = { :user => 1, :administrator => 2, :root => 3 }
+          
+          # call this function in your permit actions 
+          def Role.[](role)
+            role = ROLES[role]
+            raise "given role '#{role}' is not valid" if role.nil?
+            return role
+          end
+        end
+
+This allows me to write <tt>Role[:root]</tt> to specify the root role.
+
+<b>Example 1:</b> Grant all powers to the root role (this rule is usually found in your application controller)
 	
-	permit :actions => :all, :to => Role[:root]
+        permit :actions => :all, :to => Role[:root]
 	
-Example 2: Grant view actions to normal users, edit actions to administrators
+<b>Example 2:</b> Grant view actions to normal users, edit actions to administrators
 
-	permit :actions => [:index, :show],
-		   :to => Role[:user]
-	permit :actions => [:edit, :update, :destroy],
-		   :to => Role[:admin]
+        permit :actions => [:index, :show],
+               :to => Role[:user]
+        permit :actions => [:edit, :update, :destroy],
+               :to => Role[:admin]
 		
-Example 3: Adding a rule to allow users to edit their own data (let us assume that the controller manages objects of type Product):
+<b>Example 3:</b> Adding a rule to allow users to edit their own data (let us assume that the controller manages objects of type Product):
 
-	permit :actions => [:edit, :update],
-		   :to => Role[:user].
-		   :if => lambda { |user, obj_id| Product.find(obj_id).owner == user }
+        permit :actions => [:edit, :update],
+               :to => Role[:user].
+               :if => lambda { |user, obj_id| Product.find(obj_id).owner == user }
 		 
-Example 4: Let us assume that the current controller does not manage products, but that you want to check for the product owner anyway. In this case, the product id will not be passed as the :id object into your params hash and the above rule will fail. Amend this problem by telling the permit action how to retrieve the correct id:
+<b>Example 4:</b> Let us assume that the current controller does not manage products, but that you want to check for the product owner anyway. In this case, the product id will not be passed as the :id object into your params hash and the above rule will fail. Amend this problem by telling the permit action how to retrieve the correct id:
 
-	permit :actions => [:edit, :update],
-		   :to => Role[:user].
-		   :if => lambda { |user, obj_id| Product.find(obj_id).owner == user },
-		   :object_id => :product_id
+        permit :actions => [:edit, :update],
+               :to => Role[:user].
+               :if => lambda { |user, obj_id| Product.find(obj_id).owner == user },
+               :object_id => :product_id
 		    
 
 Copyright (c) 2010 Roberto Esposito, released under the MIT license

data/Rakefile

@@ -1,6 +1,6 @@
 require 'rake'
 require 'rake/testtask'
-require 'rake/rdoctask'
+require 'rdoc/task'
 
 desc 'Default: run unit tests.'
 task :default => :test
@@ -34,7 +34,7 @@ begin
     gemspec.email = "boborbt@gmail.com"
     gemspec.homepage = "http://github.com/boborbt/role_based_authorization"
     gemspec.authors = ["Roberto Esposito"]
-    gemspec.add_dependency('rails', '~> 2.3')
+    gemspec.add_dependency('rails', '~> 3')
     gemspec.add_dependency('mocha', '~> 0')
   end
 rescue LoadError

data/VERSION

@@ -1 +1 @@
-0.2.1
+0.3.0

data/lib/role_based_authorization/authorization_logger.rb

@@ -1,6 +1,6 @@
 # Personalizes the authorization logging by adding Auth | in front of each line.
 # It also outputs the time stamp and the severity of the log message.
-class AuthorizationLogger < Logger
+class AuthorizationLogger < ActiveSupport::BufferedLogger
   # Prefix for each message
   AUTHORIZATION_SYSTEM_LOG_MSG_PREFIX = 'Auth |'
   

data/lib/role_based_authorization/role_based_authorization.rb

@@ -35,7 +35,7 @@ module RoleBasedAuthorization
   def RoleBasedAuthorization.path_or_options_to_options(opts)
     path_cleanup_regexp = %r{(#{ActionController::Base.relative_url_root})?}
        
-    url_options = (opts.class <= String) && ActionController::Routing::Routes.recognize_path(opts.gsub(path_cleanup_regexp,''))
+    url_options = (opts.class <= String) && Rails.application.routes.recognize_path(opts.gsub(path_cleanup_regexp,''))
     url_options ||= opts.dup
     
     url_options

data/role_based_authorization.gemspec

@@ -1,61 +1,53 @@
 # Generated by jeweler
 # DO NOT EDIT THIS FILE DIRECTLY
-# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# Instead, edit Jeweler::Tasks in Rakefile, and run 'rake gemspec'
 # -*- encoding: utf-8 -*-
 
 Gem::Specification.new do |s|
-  s.name = %q{role_based_authorization}
-  s.version = "0.2.1"
+  s.name = "role_based_authorization"
+  s.version = "0.3.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Roberto Esposito"]
-  s.date = %q{2012-08-01}
-  s.description = %q{Provides a simple DSL for specifying the authorization logic of your application. Install the gem, add a role attribute to your user model and your almost ready to go.}
-  s.email = %q{boborbt@gmail.com}
+  s.date = "2013-05-28"
+  s.description = "Provides a simple DSL for specifying the authorization logic of your application. Install the gem, add a role attribute to your user model and your almost ready to go."
+  s.email = "boborbt@gmail.com"
   s.extra_rdoc_files = [
     "README.rdoc"
   ]
   s.files = [
-    ".gitignore",
-     "MIT-LICENSE",
-     "README.rdoc",
-     "Rakefile",
-     "VERSION",
-     "lib/role_based_authorization.rb",
-     "lib/role_based_authorization/authorization_logger.rb",
-     "lib/role_based_authorization/class_additions.rb",
-     "lib/role_based_authorization/role_based_authorization.rb",
-     "lib/role_based_authorization/rule.rb",
-     "rails/init.rb",
-     "role_based_authorization.gemspec",
-     "test/authorization_logger_test.rb",
-     "test/role_based_authorization_test.rb",
-     "test/test_helper.rb"
-  ]
-  s.homepage = %q{http://github.com/boborbt/role_based_authorization}
-  s.rdoc_options = ["--charset=UTF-8"]
-  s.require_paths = ["lib"]
-  s.rubygems_version = %q{1.3.6}
-  s.summary = %q{Basic authorization module for rails}
-  s.test_files = [
+    "MIT-LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "VERSION",
+    "lib/role_based_authorization.rb",
+    "lib/role_based_authorization/authorization_logger.rb",
+    "lib/role_based_authorization/class_additions.rb",
+    "lib/role_based_authorization/role_based_authorization.rb",
+    "lib/role_based_authorization/rule.rb",
+    "rails/init.rb",
+    "role_based_authorization.gemspec",
     "test/authorization_logger_test.rb",
-     "test/role_based_authorization_test.rb",
-     "test/test_helper.rb"
+    "test/role_based_authorization_test.rb",
+    "test/test_helper.rb"
   ]
+  s.homepage = "http://github.com/boborbt/role_based_authorization"
+  s.require_paths = ["lib"]
+  s.rubygems_version = "1.8.24"
+  s.summary = "Basic authorization module for rails"
 
   if s.respond_to? :specification_version then
-    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
     s.specification_version = 3
 
-    if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
-      s.add_runtime_dependency(%q<rails>, ["~> 2.3"])
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_runtime_dependency(%q<rails>, ["~> 3"])
       s.add_runtime_dependency(%q<mocha>, ["~> 0"])
     else
-      s.add_dependency(%q<rails>, ["~> 2.3"])
+      s.add_dependency(%q<rails>, ["~> 3"])
       s.add_dependency(%q<mocha>, ["~> 0"])
     end
   else
-    s.add_dependency(%q<rails>, ["~> 2.3"])
+    s.add_dependency(%q<rails>, ["~> 3"])
     s.add_dependency(%q<mocha>, ["~> 0"])
   end
 end

data/test/authorization_logger_test.rb

@@ -3,7 +3,7 @@ require 'role_based_authorization'
 
 class AuthorizationLoggerTest < ActiveSupport::TestCase
   def setup
-    @logger = AuthorizationLogger.new(nil)
+    @logger = AuthorizationLogger.new('/dev/null')
   end
   
   

data/test/test_helper.rb

@@ -1,9 +1,10 @@
 require 'rubygems'
-gem 'rails', '~>2.3.14'
+gem 'rails', '~>3'
 require 'active_support'
 require 'action_controller'
 require 'active_support/test_case'
 require 'test/unit'
+require 'rails'
 
 RAILS_ROOT='.'
 AUTH_LOG_DIR = File.join(RAILS_ROOT,'log')
@@ -11,11 +12,13 @@ Dir.mkdir(AUTH_LOG_DIR) unless File.directory?(AUTH_LOG_DIR)
 
 
 module Rails
-  def Rails.root
+  def Rails.root  
     '.'
   end
 end
 
-ActionController::Routing::Routes.draw do |map|
-  map.dummy_low_action '/dummy/very_low_security', :controller => :dummy, :action => :very_low_security
+Rails.application = Rails::Application.instance_exec { new }
+
+Rails.application.routes.draw do
+  match '/dummy/very_low_security', :controller => :dummy, :action => :very_low_security
 end

metadata

@@ -1,57 +1,57 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: role_based_authorization
-version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 0
-  - 2
-  - 1
-  version: 0.2.1
+version: !ruby/object:Gem::Version
+  version: 0.3.0
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - Roberto Esposito
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2012-08-01 00:00:00 +02:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2013-05-28 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: rails
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
-    requirements: 
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 2
-        - 3
-        version: "2.3"
+      - !ruby/object:Gem::Version
+        version: '3'
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: mocha
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
-    requirements: 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '3'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :runtime
-  version_requirements: *id002
-description: Provides a simple DSL for specifying the authorization logic of your application. Install the gem, add a role attribute to your user model and your almost ready to go.
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '0'
+description: Provides a simple DSL for specifying the authorization logic of your
+  application. Install the gem, add a role attribute to your user model and your almost
+  ready to go.
 email: boborbt@gmail.com
 executables: []
-
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files:
 - README.rdoc
-files: 
-- .gitignore
+files:
 - MIT-LICENSE
 - README.rdoc
 - Rakefile
@@ -66,37 +66,28 @@ files:
 - test/authorization_logger_test.rb
 - test/role_based_authorization_test.rb
 - test/test_helper.rb
-has_rdoc: true
 homepage: http://github.com/boborbt/role_based_authorization
 licenses: []
-
 post_install_message: 
-rdoc_options: 
-- --charset=UTF-8
-require_paths: 
+rdoc_options: []
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.8.24
 signing_key: 
 specification_version: 3
 summary: Basic authorization module for rails
-test_files: 
-- test/authorization_logger_test.rb
-- test/role_based_authorization_test.rb
-- test/test_helper.rb
+test_files: []

data/.gitignore

@@ -1,4 +0,0 @@
-pkg
-rdoc
-log
-test/log