sinatra-authorize 0.0.1 → 0.0.2
- data/Gemfile.lock +1 -1
- data/LICENSE +20 -0
- data/{readme.md → README.md} +3 -23
- data/history.md +10 -0
- data/lib/sinatra-authorize/version.rb +1 -1
- data/lib/sinatra/authorize.rb +26 -20
- data/spec/sinatra/authorize_spec.rb +61 -119
- data/spec/spec_helper.rb +4 -0
- metadata +6 -4
data/Gemfile.lock
CHANGED
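--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2011 Ole Petter Bang <olepbang@gmail.com>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.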
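--- a/data/readme.md
+++ b/data/README.md
@@ -68,7 +68,7 @@ routes:
 end
 
 # Only run for authorized user requests, because of override rule
-get '/content/:id' :allow => :user do
+get '/content/:id', :allow => :user do
 end
 
 # Only run for authorized admin requests, because of override rule
@@ -84,25 +84,5 @@ is evaluated using the default `:allow` rule, whereas the `/content/:id` and
 
 ### License
 
-
-
-Copyright (c) 2011 Ole Petter Bang <olepbang@gmail.com>
-
-Permission is hereby granted, free of charge, to any person obtaining
-a copy of this software and associated documentation files (the
-'Software'), to deal in the Software without restriction, including
-without limitation the rights to use, copy, modify, merge, publish,
-distribute, sublicense, and/or sell copies of the Software, and to
-permit persons to whom the Software is furnished to do so, subject to
-the following conditions:
-
-The above copyright notice and this permission notice shall be
-included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
-EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
-CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
-TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+sinatra-authorize is licensed under the MIT license. See LICENCE for further
+details.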
data/history.md
ADDED
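--- a/data/lib/sinatra/authorize.rb
+++ b/data/lib/sinatra/authorize.rb
@@ -2,29 +2,31 @@ require 'sinatra/base'
 
 module Sinatra
 module Authorize
-class Condition < Proc
+class Condition < Proc
+attr_reader :rule
+def initialize(rule, &block)
+@rule = rule
+super(&block)
+end
+end
 
 def authorize(opts = {}, &block)
 opts = {opts => []} if opts.is_a?(Symbol)
 
 if opts[:deny]
 args = *(opts[:deny])
-set
-authorize_condition(:deny, args)
-})
+set :authorize_default, Proc.new { authorize_condition(:deny, args) }
 else
 args = *(opts[:allow] || [])
-set
-authorize_condition(:allow, args)
-})
+set :authorize_default, Proc.new { authorize_condition(:allow, args) }
 end
 
 if block_given?
-define_method(:
-
-remove_method(:
+define_method(:authorize_block, block)
+authorize_block = instance_method(:authorize_block)
+remove_method(:authorize_block)
 
-set :
+set :authorize_block, Proc.new { authorize_block }
 end
 end
 
@@ -37,15 +39,13 @@ module Sinatra
 end
 
 def authorize_condition(rule, args)
-Condition.new
+Condition.new rule do
+settings.authorize_block.bind(self).call(rule, args)
+end
 end
 
 class << self
 def registered(app)
-app.authorize do |rule, args|
-raise "No authorize block is specified."
-end
-
 app.class_eval do
 alias :old_process_route :process_route
 
@@ -63,10 +63,16 @@ module Sinatra
 end
 
 def authorize_route(conditions)
-
-
-
-
+unless settings.respond_to? :authorize_block
+raise "No authorize block is defined."
+end
+
+[settings.authorize_default, *conditions].reverse.each do |cond|
+value = instance_eval(&cond)
+return value if value == true || value == false
+end
+
+settings.authorize_default.rule == :allow
 end
 end
 end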
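Review bot: The final fallback in `authorize_route` (`settings.authorize_default.rule == :allow`) decides by the default rule's name only and ignores its arguments, so an app configured with `authorize :allow => :none` whose block returns nil for a request is still let through — the indeterminate path fails open. Because of `return value if value == true || value == false`, any non-boolean result (nil, a user object, a string) counts as indeterminate, so this is easy to hit with a block that forgets to return an explicit boolean. I would either fail closed on that last line (`false`) or, if the current semantics are intended, state them at the top of the method: `# Non-boolean results are indeterminate and fall back to the default rule's *name*, not its arguments: :allow => :none still allows.` `authorize_route` is fully visible in the last hunk.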
@@ -1,148 +1,90 @@
|
|
1
1
|
require File.join(File.dirname(__FILE__), '..', 'spec_helper')
|
2
2
|
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
get '/'
|
7
|
-
last_response.status.should == 200
|
8
|
-
end
|
9
|
-
|
10
|
-
it 'should allow route with deny none rule' do
|
11
|
-
app.get('/', :deny => :none) {}
|
12
|
-
get '/'
|
13
|
-
last_response.status.should == 200
|
14
|
-
end
|
15
|
-
|
16
|
-
it 'should deny route with deny all rule' do
|
17
|
-
app.get('/', :deny => :all) {}
|
18
|
-
get '/'
|
19
|
-
last_response.status.should == 403
|
20
|
-
end
|
21
|
-
|
22
|
-
it 'should deny route with allow none rule' do
|
23
|
-
app.get('/', :allow => :none) {}
|
24
|
-
get '/'
|
25
|
-
last_response.status.should == 403
|
26
|
-
end
|
3
|
+
def set_and_get(route = '/', rules = {})
|
4
|
+
app.get(route, rules) {}
|
5
|
+
get route
|
27
6
|
end
|
28
7
|
|
29
8
|
describe Sinatra::Authorize do
|
30
|
-
|
31
|
-
before :all do
|
32
|
-
app.authorize do |rule, args|
|
33
|
-
allow_default = lambda do |args|
|
34
|
-
if args == [] || args == [:all]
|
35
|
-
true
|
36
|
-
elsif args == [:none]
|
37
|
-
false
|
38
|
-
else
|
39
|
-
raise "Unknown authorization rule argument: #{args}."
|
40
|
-
end
|
41
|
-
end
|
42
|
-
|
43
|
-
if rule == :allow
|
44
|
-
allow_default.call(args)
|
45
|
-
elsif rule == :deny
|
46
|
-
!allow_default.call(args)
|
47
|
-
else
|
48
|
-
raise "Unknown authorization rule: #{rule}."
|
49
|
-
end
|
50
|
-
end
|
51
|
-
end
|
52
|
-
|
53
|
-
before do
|
9
|
+
before :each do
|
54
10
|
app.reset!
|
11
|
+
if app.respond_to? :authorize_default
|
12
|
+
class << app; undef_method(:authorize_default); end
|
13
|
+
end
|
14
|
+
if app.respond_to? :authorize_block
|
15
|
+
class << app; undef_method(:authorize_block); end
|
16
|
+
end
|
55
17
|
end
|
56
18
|
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
last_response.status.should == 200
|
61
|
-
end
|
62
|
-
|
63
|
-
it_behaves_like "when no default authorization is set"
|
64
|
-
|
65
|
-
context "#authorize :allow" do
|
66
|
-
before do
|
67
|
-
app.authorize :allow
|
19
|
+
context 'defining route' do
|
20
|
+
it 'should be possible to set allow rule' do
|
21
|
+
app.get '/', :allow => :all do end
|
68
22
|
end
|
69
23
|
|
70
|
-
it 'should
|
71
|
-
app.get
|
72
|
-
get '/'
|
73
|
-
last_response.status.should == 200
|
24
|
+
it 'should be possible to set deny rule' do
|
25
|
+
app.get '/', :deny => :all do end
|
74
26
|
end
|
27
|
+
end
|
75
28
|
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
before do
|
80
|
-
app.authorize :allow => :all
|
81
|
-
end
|
82
|
-
|
83
|
-
it 'should allow routes by default' do
|
84
|
-
app.get('/') {}
|
85
|
-
get '/'
|
86
|
-
last_response.status.should == 200
|
87
|
-
end
|
88
|
-
|
89
|
-
it_behaves_like "when no default authorization is set"
|
29
|
+
context 'defining authorize block' do
|
30
|
+
it 'should be possible to define' do
|
31
|
+
app.authorize do |rule, args| end
|
90
32
|
end
|
91
33
|
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
end
|
96
|
-
|
97
|
-
it 'should deny routes by default' do
|
98
|
-
app.get('/') {}
|
99
|
-
get '/'
|
100
|
-
last_response.status.should == 403
|
101
|
-
end
|
34
|
+
it 'should be possible to set default rule' do
|
35
|
+
app.authorize :allow => :all do |rule, args| end
|
36
|
+
end
|
102
37
|
|
103
|
-
|
38
|
+
it 'should use default rule :allow => [] when no rule is set' do
|
39
|
+
app.authorize do |rule, args| end
|
40
|
+
block = mock('authorize_block')
|
41
|
+
block.should_receive(:call).with(:allow, [])
|
42
|
+
app.authorize_block.should_receive(:bind).and_return(block)
|
43
|
+
set_and_get
|
104
44
|
end
|
105
45
|
end
|
106
46
|
|
107
|
-
context '
|
108
|
-
|
109
|
-
app.authorize :
|
47
|
+
context 'authorize block not defined' do
|
48
|
+
it 'should raise exception when default rule is set' do
|
49
|
+
app.authorize :allow => :all
|
50
|
+
expect { set_and_get }.to raise_error(
|
51
|
+
RuntimeError, 'No authorize block is defined.')
|
110
52
|
end
|
111
53
|
|
112
|
-
it 'should
|
113
|
-
|
114
|
-
|
115
|
-
last_response.status.should == 403
|
54
|
+
it 'should raise exception when route rule is set' do
|
55
|
+
expect { set_and_get '/', :allow => :all }.to raise_error(
|
56
|
+
RuntimeError, 'No authorize block is defined.')
|
116
57
|
end
|
58
|
+
end
|
117
59
|
|
118
|
-
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
app.authorize :deny => :all
|
123
|
-
end
|
124
|
-
|
125
|
-
it 'should deny routes by default' do
|
126
|
-
app.get('/') {}
|
127
|
-
get '/'
|
128
|
-
last_response.status.should == 403
|
129
|
-
end
|
130
|
-
|
131
|
-
it_behaves_like "when no default authorization is set"
|
60
|
+
context 'no determinate rule evaluation for route' do
|
61
|
+
it 'should allow access when default rule is allow rule' do
|
62
|
+
app.authorize :allow => :all do |rule, args| nil end
|
63
|
+
set_and_get.status.should == 200
|
132
64
|
end
|
133
65
|
|
134
|
-
|
135
|
-
|
136
|
-
|
137
|
-
|
66
|
+
it 'should deny access when default rule is deny rule' do
|
67
|
+
app.authorize :deny => :all do |rule, args| nil end
|
68
|
+
set_and_get.status.should == 403
|
69
|
+
end
|
70
|
+
end
|
138
71
|
|
139
|
-
|
140
|
-
|
141
|
-
|
142
|
-
|
143
|
-
|
72
|
+
context 'multiple rules defined' do
|
73
|
+
it 'should evaluate rules in order of precedence' do
|
74
|
+
app.authorize :allow => :all do |rule, args| end
|
75
|
+
block = mock('authorize_block')
|
76
|
+
block.should_receive(:call).with(:deny, [:all]).ordered
|
77
|
+
block.should_receive(:call).with(:allow, [:all]).ordered
|
78
|
+
app.authorize_block.should_receive(:bind).twice.and_return(block)
|
79
|
+
set_and_get '/', :deny => :all
|
80
|
+
end
|
144
81
|
|
145
|
-
|
82
|
+
it 'should use first determinate evaluation result' do
|
83
|
+
app.authorize :allow => :all do |rule, args| end
|
84
|
+
block = mock('authorize_block')
|
85
|
+
block.should_receive(:call).with(:deny, [:all]).and_return(false)
|
86
|
+
app.authorize_block.should_receive(:bind).and_return(block)
|
87
|
+
set_and_get '/', :deny => :all
|
146
88
|
end
|
147
89
|
end
|
148
90
|
end
|
data/spec/spec_helper.rb
CHANGED
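--- a/metadata
+++ b/metadata
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
 segments:
 - 0
 - 0
--
-version: 0.0.
+- 2
+version: 0.0.2
 platform: ruby
 authors:
 - Ole Petter Bang
@@ -14,7 +14,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-
+date: 2011-05-21 00:00:00 +02:00
 default_executable:
 dependencies:
 - !ruby/object:Gem::Dependency
@@ -105,10 +105,12 @@ files:
 - .rspec
 - Gemfile
 - Gemfile.lock
+- LICENSE
+- README.md
 - Rakefile
+- history.md
 - lib/sinatra-authorize/version.rb
 - lib/sinatra/authorize.rb
-- readme.md
 - sinatra-authorize.gemspec
 - spec/sinatra/authorize_spec.rb
 - spec/spec_helper.rb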