three 1.1.0 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +1 -1
- data/README.markdown +18 -0
- data/changelog.txt +5 -0
- data/lib/three.rb +8 -0
- data/lib/three/evaluator.rb +11 -9
- data/lib/three/version.rb +1 -1
- data/spec/three/evaluator_spec.rb +45 -0
- data/spec/three_spec.rb +21 -0
- metadata +3 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 009a9b99cbdffb05a9e283827b05e3fe0e1eb082
|
4
|
+
data.tar.gz: 4e4faa7324a05ef27b3ebba6301ca763f9821dd1
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 10c756626332c5b7805ecb2edac547b1723d730a364e067d02a97bda858f981617f3e0071bc987e06b189a477c3a5f365106a2b859dff24b535ffb30eb38db1f
|
7
|
+
data.tar.gz: 818711ac6b94bd8b2c7cfdbfe6cec906ee75128eca5847bba58c772f8068e89dc668760ffae78cf3ea024a49275ea6dd96224c8e72d7b7268039e63f7397ea46
|
data/.gitignore
CHANGED
@@ -1,2 +1,2 @@
|
|
1
1
|
.rvmrc
|
2
|
-
|
2
|
+
Gemfile.lock
|
data/README.markdown
CHANGED
@@ -168,3 +168,21 @@ evaluator.rescue_errors = false
|
|
168
168
|
evaluator.allowed? nil, :watch_out # POW an error was raised
|
169
169
|
|
170
170
|
```
|
171
|
+
|
172
|
+
### Tracing
|
173
|
+
|
174
|
+
Ok, so if your security rights are broken out into many different classes, it might be helpful to which one is allowing or preventing permissions.
|
175
|
+
|
176
|
+
If you'd like to take a peek behind the curtain, try the following:
|
177
|
+
|
178
|
+
```ruby
|
179
|
+
Three.when_tracing do |what, details|
|
180
|
+
# "what" will be :allowed/:prevented
|
181
|
+
# details is a hash with the following:
|
182
|
+
# subject # the subject of the rules check
|
183
|
+
# target # the target, if one was provided
|
184
|
+
# permissions # the permissions either allowed or prevented
|
185
|
+
# rule # the rule making the check
|
186
|
+
puts [what, details].inspect
|
187
|
+
end
|
188
|
+
```
|
data/changelog.txt
ADDED
data/lib/three.rb
CHANGED
data/lib/three/evaluator.rb
CHANGED
@@ -58,15 +58,17 @@ module Three
|
|
58
58
|
end
|
59
59
|
|
60
60
|
def execute_rule rule, method, subject, target
|
61
|
-
if rescue_errors
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
61
|
+
permissions = if rescue_errors
|
62
|
+
begin
|
63
|
+
rule.send(method, subject, target)
|
64
|
+
rescue
|
65
|
+
[]
|
66
|
+
end
|
67
|
+
else
|
68
|
+
rule.send(method, subject, target)
|
69
|
+
end
|
70
|
+
Three.trace method, { subject: subject, target: target, permissions: permissions, rule: rule }
|
71
|
+
permissions
|
70
72
|
end
|
71
73
|
|
72
74
|
def flatten_permissions permissions
|
data/lib/three/version.rb
CHANGED
@@ -86,4 +86,49 @@ describe Three::Evaluator do
|
|
86
86
|
|
87
87
|
end
|
88
88
|
|
89
|
+
describe "noting important things" do
|
90
|
+
|
91
|
+
let(:the_subject) { Object.new }
|
92
|
+
let(:the_target) { Object.new }
|
93
|
+
let(:permission) { SecureRandom.uuid.to_sym }
|
94
|
+
|
95
|
+
let(:permission_to_prevent) { SecureRandom.uuid.to_sym }
|
96
|
+
|
97
|
+
let(:rule) do
|
98
|
+
Object.new.tap do |r|
|
99
|
+
r.stubs(:allowed).returns [permission]
|
100
|
+
r.stubs(:prevented).returns [permission_to_prevent]
|
101
|
+
end
|
102
|
+
end
|
103
|
+
|
104
|
+
let(:evaluator) { Three.evaluator_for rule }
|
105
|
+
|
106
|
+
before { Three.stubs :trace }
|
107
|
+
|
108
|
+
it "should trace the allowed permission build-up" do
|
109
|
+
Three.expects(:trace).with do |what, stuff|
|
110
|
+
what == :allowed &&
|
111
|
+
stuff[:rule].object_id == rule.object_id &&
|
112
|
+
stuff[:permissions].count == 1 && stuff[:permissions][0] == permission &&
|
113
|
+
stuff[:subject].object_id == the_subject.object_id &&
|
114
|
+
stuff[:target].object_id == the_target.object_id
|
115
|
+
end
|
116
|
+
|
117
|
+
evaluator.allowed?(the_subject, permission, the_target)
|
118
|
+
end
|
119
|
+
|
120
|
+
it "should trace the prevented permission build-up" do
|
121
|
+
Three.expects(:trace).with do |what, stuff|
|
122
|
+
what == :prevented &&
|
123
|
+
stuff[:rule].object_id == rule.object_id &&
|
124
|
+
stuff[:permissions].count == 1 && stuff[:permissions][0] == permission_to_prevent &&
|
125
|
+
stuff[:subject].object_id == the_subject.object_id &&
|
126
|
+
stuff[:target].object_id == the_target.object_id
|
127
|
+
end
|
128
|
+
|
129
|
+
evaluator.allowed?(the_subject, permission, the_target)
|
130
|
+
end
|
131
|
+
|
132
|
+
end
|
133
|
+
|
89
134
|
end
|
data/spec/three_spec.rb
CHANGED
@@ -234,4 +234,25 @@ describe Three do
|
|
234
234
|
|
235
235
|
end
|
236
236
|
|
237
|
+
describe "tracing" do
|
238
|
+
|
239
|
+
before { Three.instance_eval { @trace_method = nil } }
|
240
|
+
after { Three.instance_eval { @trace_method = nil } }
|
241
|
+
|
242
|
+
it "should do nothing by default" do
|
243
|
+
Three.trace nil, nil
|
244
|
+
end
|
245
|
+
|
246
|
+
it "should allow me to register a new way to handle nothing" do
|
247
|
+
one, two, thing = Object.new, Object.new, Object.new
|
248
|
+
Three.when_tracing { |a, b| [a, b, thing] }
|
249
|
+
|
250
|
+
result = Three.trace one, two
|
251
|
+
result[0].must_be_same_as one
|
252
|
+
result[1].must_be_same_as two
|
253
|
+
result[2].must_be_same_as thing
|
254
|
+
end
|
255
|
+
|
256
|
+
end
|
257
|
+
|
237
258
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: three
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.2.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Darren Cauthon
|
@@ -52,6 +52,7 @@ files:
|
|
52
52
|
- ORIGINAL_LICENSE
|
53
53
|
- README.markdown
|
54
54
|
- Rakefile
|
55
|
+
- changelog.txt
|
55
56
|
- lib/three.rb
|
56
57
|
- lib/three/evaluator.rb
|
57
58
|
- lib/three/version.rb
|
@@ -78,7 +79,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
78
79
|
version: '0'
|
79
80
|
requirements: []
|
80
81
|
rubyforge_project:
|
81
|
-
rubygems_version: 2.
|
82
|
+
rubygems_version: 2.4.5
|
82
83
|
signing_key:
|
83
84
|
specification_version: 4
|
84
85
|
summary: three
|