timcharper-declarative_authorization 0.4.1.2 → 0.4.1.3
- data/CHANGELOG +5 -1
- data/README.rdoc +3 -3
- data/app/controllers/authorization_rules_controller.rb +1 -1
- data/lib/declarative_authorization/authorization.rb +10 -14
- data/lib/declarative_authorization/maintenance.rb +2 -2
- data/lib/declarative_authorization/obligation_scope.rb +7 -3
- data/lib/declarative_authorization/reader.rb +26 -2
- data/test/authorization_test.rb +1 -1
- data/test/dsl_reader_test.rb +16 -0
- data/test/helper_test.rb +1 -0
- data/test/test_helper.rb +27 -9
- metadata +3 -3
data/CHANGELOG
CHANGED
data/README.rdoc
CHANGED
@@ -491,9 +491,9 @@ sbartsch at tzi.org
|
|
491
491
|
= Contributors
|
492
492
|
|
493
493
|
Thanks to John Joseph Bachir, Eike Carls, Kai Chen, Erik Dahlstrand,
|
494
|
-
Jeroen van Dijk, Sebastian Dyck, Jeremy Friesen,
|
495
|
-
Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour,
|
496
|
-
Mike Vincent
|
494
|
+
Jeroen van Dijk, Sebastian Dyck, Jeremy Friesen, Tim Harper, Daniel Kristensen,
|
495
|
+
Brian Langenfeld, Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour,
|
496
|
+
Thomas Maurer, Mike Vincent
|
497
497
|
|
498
498
|
|
499
499
|
= Licence
|
@@ -18,7 +18,7 @@ class AuthorizationRulesController < ApplicationController
|
|
18
18
|
def index
|
19
19
|
respond_to do |format|
|
20
20
|
format.html do
|
21
|
-
@auth_rules_script = File.read("#{
|
21
|
+
@auth_rules_script = File.read("#{::Rails.root}/config/authorization_rules.rb")
|
22
22
|
end
|
23
23
|
end
|
24
24
|
end
|
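Review bot: The path in `File.read("#{::Rails.root}/config/authorization_rules.rb")` is hard-coded, while the engine loads whatever `AUTH_DSL_FILES` names, and this release makes that constant overridable through its `unless defined? AUTH_DSL_FILES` guard in authorization.rb. If the constant is overridden, the rules browser would show a file that is not the one being enforced, which misleads anyone auditing the rules through this page. Reading the configured files instead, for example `AUTH_DSL_FILES.map { |f| File.read(f) }.join("\n")` (namespace to be confirmed against the full file), would keep the displayed and enforced rules in step.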
@@ -1,4 +1,5 @@
|
|
1
1
|
# Authorization
|
2
|
+
require File.dirname(__FILE__) + '/railsengine' if defined?(::Rails::Engine)
|
2
3
|
require File.dirname(__FILE__) + '/reader.rb'
|
3
4
|
require "set"
|
4
5
|
|
@@ -20,7 +21,7 @@ module Authorization
|
|
20
21
|
# The exception is raised to ensure that the entire rule is invalidated.
|
21
22
|
class NilAttributeValueError < AuthorizationError; end
|
22
23
|
|
23
|
-
AUTH_DSL_FILES = ["
|
24
|
+
AUTH_DSL_FILES = [(Rails.root || Pathname.new('')).join("config", "authorization_rules.rb").to_s] unless defined? AUTH_DSL_FILES
|
24
25
|
|
25
26
|
# Controller-independent method for retrieving the current user.
|
26
27
|
# Needed for model security where the current controller is not available.
|
@@ -40,7 +41,7 @@ module Authorization
|
|
40
41
|
end
|
41
42
|
|
42
43
|
def self.activate_authorization_rules_browser? # :nodoc:
|
43
|
-
::
|
44
|
+
::Rails.env.development?
|
44
45
|
end
|
45
46
|
|
46
47
|
@@dot_path = "dot"
|
@@ -65,15 +66,8 @@ module Authorization
|
|
65
66
|
# authorization configuration of +AUTH_DSL_FILES+. If given, may be either
|
66
67
|
# a Reader object or a path to a configuration file.
|
67
68
|
def initialize (reader = nil)
|
68
|
-
|
69
|
-
|
70
|
-
reader = Reader::DSLReader.load(AUTH_DSL_FILES)
|
71
|
-
rescue SystemCallError
|
72
|
-
reader = Reader::DSLReader.new
|
73
|
-
end
|
74
|
-
elsif reader.is_a?(String)
|
75
|
-
reader = Reader::DSLReader.load(reader)
|
76
|
-
end
|
69
|
+
reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES)
|
70
|
+
|
77
71
|
@privileges = reader.privileges_reader.privileges
|
78
72
|
# {priv => [[priv, ctx],...]}
|
79
73
|
@privilege_hierarchy = reader.privileges_reader.privilege_hierarchy
|
@@ -161,7 +155,8 @@ module Authorization
|
|
161
155
|
|
162
156
|
user, roles, privileges = user_roles_privleges_from_options(privilege, options)
|
163
157
|
|
164
|
-
return true
|
158
|
+
return true if roles.is_a?(Array) and not (roles & @omnipotent_roles).empty?
|
159
|
+
|
165
160
|
# find a authorization rule that matches for at least one of the roles and
|
166
161
|
# at least one of the given privileges
|
167
162
|
attr_validator = AttributeValidator.new(self, user, options[:object], privilege, options[:context])
|
@@ -523,8 +518,9 @@ module Authorization
|
|
523
518
|
begin
|
524
519
|
object.send(attr)
|
525
520
|
rescue ArgumentError, NoMethodError => e
|
526
|
-
raise
|
527
|
-
|
521
|
+
raise RuntimeError, "Error occurred while validating attribute ##{attr} on #{object.inspect}: #{e}.\n" +
|
522
|
+
"Please check your authorization rules and ensure the attribute is correctly spelled and \n" +
|
523
|
+
"corresponds to a method on the model you are authorizing for."
|
528
524
|
end
|
529
525
|
end
|
530
526
|
|
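Review bot: The new message in the `rescue ArgumentError, NoMethodError => e` branch interpolates `object.inspect`, which for an ActiveRecord model prints its attributes, so values such as password digests or tokens can reach logs and error pages whenever a rule names a wrong attribute. Naming only the class, e.g. `#{object.class.name}`, gives the same debugging hint without the record's data. Re-raising as a plain `RuntimeError` also drops the original exception class and backtrace, and because a `NoMethodError` raised inside the attribute method itself is caught too, a bug in the model can be reported as a rules typo; a dedicated `AuthorizationError` subclass would be easier for callers to handle. The enclosing method starts outside the hunk.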
@@ -55,9 +55,9 @@ module Authorization
|
|
55
55
|
def self.usages_by_controller
|
56
56
|
# load each application controller
|
57
57
|
begin
|
58
|
-
Dir.foreach(File.join(
|
58
|
+
Dir.foreach(File.join(::Rails.root, %w{app controllers})) do |entry|
|
59
59
|
if entry =~ /^\w+_controller\.rb$/
|
60
|
-
require File.join(
|
60
|
+
require File.join(::Rails.root, %w{app controllers}, entry)
|
61
61
|
end
|
62
62
|
end
|
63
63
|
rescue Errno::ENOENT
|
@@ -42,10 +42,14 @@ module Authorization
|
|
42
42
|
# +@proxy_options[:joins] = { :bar => { :baz => :foo } }
|
43
43
|
# @proxy_options[:conditions] = [ 'foos_bazzes.attr = :foos_bazzes__id_0', { :foos_bazzes__id_0 => 1 } ]+
|
44
44
|
#
|
45
|
-
class ObligationScope < ActiveRecord::NamedScope::Scope
|
45
|
+
class ObligationScope < (Rails.version < "3" ? ActiveRecord::NamedScope::Scope : ActiveRecord::Relation)
|
46
46
|
def initialize (model, options)
|
47
47
|
@finder_options = {}
|
48
|
-
|
48
|
+
if Rails.version < "3"
|
49
|
+
super(model, options)
|
50
|
+
else
|
51
|
+
super(model, model.table_name)
|
52
|
+
end
|
49
53
|
end
|
50
54
|
|
51
55
|
def scope
|
@@ -342,4 +346,4 @@ module Authorization
|
|
342
346
|
end
|
343
347
|
end
|
344
348
|
end
|
345
|
-
end
|
349
|
+
end
|
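Review bot: `Rails.version < "3"` in the class line and again in `initialize` compares strings, so the ordering is lexicographic: a version string such as "10.0" sorts before "3" and would select the Rails 2 superclass and `super` call. Comparing the numeric major version, `Rails::VERSION::MAJOR < 3`, avoids that, and evaluating it once into a constant would keep the two sites from drifting apart. The same string comparison appears in the added lines of data/test/test_helper.rb in this release.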
@@ -35,6 +35,8 @@ module Authorization
|
|
35
35
|
# * PrivilegesReader#includes
|
36
36
|
#
|
37
37
|
module Reader
|
38
|
+
# Signals that the specified file to load was not found.
|
39
|
+
class DSLFileNotFoundError < Exception; end
|
38
40
|
# Signals errors that occur while reading and parsing an authorization DSL
|
39
41
|
class DSLError < Exception; end
|
40
42
|
# Signals errors in the syntax of an authorization DSL.
|
@@ -53,6 +55,19 @@ module Authorization
|
|
53
55
|
@auth_rules_reader = AuthorizationRulesReader.new
|
54
56
|
end
|
55
57
|
|
58
|
+
# ensures you get back a DSLReader
|
59
|
+
# if you provide a:
|
60
|
+
# DSLReader - you will get it back.
|
61
|
+
# String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those.
|
62
|
+
def self.factory(obj)
|
63
|
+
case obj
|
64
|
+
when Reader::DSLReader
|
65
|
+
obj
|
66
|
+
when String, Array
|
67
|
+
load(obj)
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
56
71
|
# Parses a authorization DSL specification from the string given
|
57
72
|
# in +dsl_data+. Raises DSLSyntaxError if errors occur on parsing.
|
58
73
|
def parse (dsl_data, file_name = nil)
|
@@ -71,7 +86,11 @@ module Authorization
|
|
71
86
|
reader = new
|
72
87
|
dsl_files = [dsl_files].flatten
|
73
88
|
dsl_files.each do |file|
|
74
|
-
|
89
|
+
begin
|
90
|
+
reader.parse(File.read(file), file)
|
91
|
+
rescue SystemCallError
|
92
|
+
raise ::Authorization::Reader::DSLFileNotFoundError, "Error reading authorization rules file with path '#{file}'! Please ensure it exists and that it is accessible."
|
93
|
+
end
|
75
94
|
end
|
76
95
|
reader
|
77
96
|
end
|
@@ -249,8 +268,13 @@ module Authorization
|
|
249
268
|
@current_rule = nil
|
250
269
|
end
|
251
270
|
end
|
252
|
-
|
271
|
+
|
272
|
+
# Removes any permission checks for the current role.
|
273
|
+
# role :admin
|
274
|
+
# has_omnipotence
|
275
|
+
# end
|
253
276
|
def has_omnipotence
|
277
|
+
raise DSLError, "has_omnipotence only allowed in role blocks" if @current_role.nil?
|
254
278
|
@omnipotent_roles << @current_role
|
255
279
|
end
|
256
280
|
|
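Review bot: `DSLReader.factory` has no `else` branch, so any argument that is not a `DSLReader`, `String` or `Array` (a `Pathname`, for instance) makes it return `nil`, and the engine's `initialize` then fails on `reader.privileges_reader` with an unrelated `NoMethodError`. An explicit `else raise ArgumentError, "expected a DSLReader, a path or an array of paths, got #{obj.class}"` would fail at the point of the mistake. Separately, `DSLFileNotFoundError` derives from `Exception` like the existing `DSLError`, so a bare `rescue` will not catch it; that may be intended so that a missing rules file cannot be swallowed, but it deserves a comment saying so. In `load`, the `begin` block also wraps `reader.parse`, so a `SystemCallError` raised while the rules are being evaluated would presumably be reported as a missing file.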
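--- a/data/test/authorization_test.rb
+++ b/data/test/authorization_test.rb
@@ -900,7 +900,7 @@ class AuthorizationTest < Test::Unit::TestCase
 end
 }
 engine = Authorization::Engine.new(reader)
-assert_raise
+assert_raise RuntimeError do
 engine.permit?(:test, :context => :permissions,
 :user => MockUser.new(:test_role),
 :object => MockDataObject.new(:test_attrs => [1, 2, 3]))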
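--- a/data/test/dsl_reader_test.rb
+++ b/data/test/dsl_reader_test.rb
@@ -154,4 +154,20 @@ class DSLReaderTest < Test::Unit::TestCase
 }
 end
 end
+
+def test_factory_returns_self
+reader = Authorization::Reader::DSLReader.new
+assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
+end
+
+def test_factory_loads_file
+reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
+assert_equal(Authorization::Reader::DSLReader, reader.class)
+end
+
+def test_load_file_not_found
+assert_raise(Authorization::Reader::DSLFileNotFoundError) do
+Authorization::Reader::DSLReader.load("nonexistent_file.rb")
+end
+end
 end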
data/test/helper_test.rb
CHANGED
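--- a/data/test/test_helper.rb
+++ b/data/test/test_helper.rb
@@ -1,4 +1,5 @@
 require 'test/unit'
+require 'pathname'
 
 unless defined?(RAILS_ROOT)
 RAILS_ROOT = ENV['RAILS_ROOT'] ?
@@ -6,11 +7,6 @@ unless defined?(RAILS_ROOT)
 File.join(File.dirname(__FILE__), %w{.. .. .. ..})
 end
 
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization rails_legacy})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization authorization})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization in_controller})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
-
 unless defined?(ActiveRecord)
 if File.directory? RAILS_ROOT + '/config'
 puts 'Using config/boot.rb'
@@ -18,11 +14,11 @@ unless defined?(ActiveRecord)
 require File.join(RAILS_ROOT, 'config', 'environment.rb')
 else
 # simply use installed gems if available
-version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" :
+version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : "> 2.1.0"
 puts "Using Rails from RubyGems (#{version_requirement || "default"})"
 require 'rubygems'
 %w{actionpack activerecord activesupport rails}.each do |gem_name|
-gem gem_name, version_requirement
+gem gem_name, version_requirement
 end
 end
 
@@ -31,6 +27,13 @@ unless defined?(ActiveRecord)
 end
 end
 
+DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
+
+require DA_ROOT + File.join(%w{lib declarative_authorization rails_legacy})
+require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
+require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
+require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
+
 begin
 require 'ruby-debug'
 rescue MissingSourceFile; end
@@ -110,9 +113,18 @@ class MocksController < ActionController::Base
 end
 end
 
-
-
+if Rails.version < "3"
+ActionController::Routing::Routes.draw do |map|
+map.connect ':controller/:action/:id'
+end
+else
+Rails::Application.routes.draw do
+match '/name/spaced_things(/:action)' => 'name/spaced_things'
+match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things'
+match '/:controller(/:action(/:id))'
+end
 end
+
 ActionController::Base.send :include, Authorization::AuthorizationInController
 if Rails.version < "3"
 require "action_controller/test_process"
@@ -131,4 +143,10 @@ class Test::Unit::TestCase
 end
 get action, params
 end
+
+unless Rails.version < "3"
+def setup
+@routes = Rails::Application.routes
+end
+end
 end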
metadata
CHANGED
@@ -6,8 +6,8 @@ version: !ruby/object:Gem::Version
|
|
6
6
|
- 0
|
7
7
|
- 4
|
8
8
|
- 1
|
9
|
-
-
|
10
|
-
version: 0.4.1.
|
9
|
+
- 3
|
10
|
+
version: 0.4.1.3
|
11
11
|
platform: ruby
|
12
12
|
authors:
|
13
13
|
- Steffen Bartsch
|
@@ -15,7 +15,7 @@ autorequire:
|
|
15
15
|
bindir: bin
|
16
16
|
cert_chain: []
|
17
17
|
|
18
|
-
date: 2010-
|
18
|
+
date: 2010-04-27 00:00:00 -06:00
|
19
19
|
default_executable:
|
20
20
|
dependencies:
|
21
21
|
- !ruby/object:Gem::Dependency
|