timcharper-declarative_authorization 0.4.1.2 → 0.4.1.3

data/CHANGELOG

@@ -1,4 +1,8 @@
-* Rails 3 support
+* Omnipotent roles [timcharper]
+
+* Meaningful error in case of missing authorization rules file [timcharper]
+
+* Rails 3 support [sb]
 
 * Support shallow nested resources [jjb]
 

data/README.rdoc

@@ -491,9 +491,9 @@ sbartsch at tzi.org
 = Contributors
 
 Thanks to John Joseph Bachir, Eike Carls, Kai Chen, Erik Dahlstrand,
-Jeroen van Dijk, Sebastian Dyck, Jeremy Friesen, Daniel Kristensen, Brian Langenfeld,
-Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour, Thomas Maurer,
-Mike Vincent
+Jeroen van Dijk, Sebastian Dyck, Jeremy Friesen, Tim Harper, Daniel Kristensen,
+Brian Langenfeld, Georg Ledermann, Geoff Longman, Olly Lylo, Mark Mansour,
+Thomas Maurer, Mike Vincent
 
 
 = Licence

data/app/controllers/authorization_rules_controller.rb

@@ -18,7 +18,7 @@ class AuthorizationRulesController < ApplicationController
   def index
     respond_to do |format|
       format.html do
-        @auth_rules_script = File.read("#{RAILS_ROOT}/config/authorization_rules.rb")
+        @auth_rules_script = File.read("#{::Rails.root}/config/authorization_rules.rb")
       end
     end
   end

data/lib/declarative_authorization/authorization.rb

@@ -1,4 +1,5 @@
 # Authorization
+require File.dirname(__FILE__) + '/railsengine' if defined?(::Rails::Engine)
 require File.dirname(__FILE__) + '/reader.rb'
 require "set"
 
@@ -20,7 +21,7 @@ module Authorization
   # The exception is raised to ensure that the entire rule is invalidated.
   class NilAttributeValueError < AuthorizationError; end
   
-  AUTH_DSL_FILES = ["#{RAILS_ROOT}/config/authorization_rules.rb"] unless defined? AUTH_DSL_FILES
+  AUTH_DSL_FILES = [(Rails.root || Pathname.new('')).join("config", "authorization_rules.rb").to_s] unless defined? AUTH_DSL_FILES
   
   # Controller-independent method for retrieving the current user.
   # Needed for model security where the current controller is not available.
@@ -40,7 +41,7 @@ module Authorization
   end
 
   def self.activate_authorization_rules_browser? # :nodoc:
-    ::RAILS_ENV == 'development'
+    ::Rails.env.development?
   end
 
   @@dot_path = "dot"
@@ -65,15 +66,8 @@ module Authorization
     # authorization configuration of +AUTH_DSL_FILES+.  If given, may be either
     # a Reader object or a path to a configuration file.
     def initialize (reader = nil)
-      if reader.nil?
-        begin
-          reader = Reader::DSLReader.load(AUTH_DSL_FILES)
-        rescue SystemCallError
-          reader = Reader::DSLReader.new
-        end
-      elsif reader.is_a?(String)
-        reader = Reader::DSLReader.load(reader)
-      end
+      reader = Reader::DSLReader.factory(reader || AUTH_DSL_FILES)
+
       @privileges = reader.privileges_reader.privileges
       # {priv => [[priv, ctx],...]}
       @privilege_hierarchy = reader.privileges_reader.privilege_hierarchy
@@ -161,7 +155,8 @@ module Authorization
       
       user, roles, privileges = user_roles_privleges_from_options(privilege, options)
 
-      return true unless (roles & @omnipotent_roles).empty?
+      return true if roles.is_a?(Array) and not (roles & @omnipotent_roles).empty?
+
       # find a authorization rule that matches for at least one of the roles and 
       # at least one of the given privileges
       attr_validator = AttributeValidator.new(self, user, options[:object], privilege, options[:context])
@@ -523,8 +518,9 @@ module Authorization
       begin
         object.send(attr)
       rescue ArgumentError, NoMethodError => e
-        raise AuthorizationUsageError, "Error when calling #{attr} on " +
-         "#{object.inspect} for validating attribute: #{e}"
+        raise RuntimeError, "Error occurred while validating attribute ##{attr} on #{object.inspect}: #{e}.\n" +
+          "Please check your authorization rules and ensure the attribute is correctly spelled and \n" +
+          "corresponds to a method on the model you are authorizing for."
       end
     end
 

data/lib/declarative_authorization/maintenance.rb

@@ -55,9 +55,9 @@ module Authorization
       def self.usages_by_controller
         # load each application controller
         begin
-          Dir.foreach(File.join(RAILS_ROOT, %w{app controllers})) do |entry|
+          Dir.foreach(File.join(::Rails.root, %w{app controllers})) do |entry|
             if entry =~ /^\w+_controller\.rb$/
-              require File.join(RAILS_ROOT, %w{app controllers}, entry)
+              require File.join(::Rails.root, %w{app controllers}, entry)
             end
           end
         rescue Errno::ENOENT

data/lib/declarative_authorization/obligation_scope.rb

@@ -42,10 +42,14 @@ module Authorization
   # +@proxy_options[:joins] = { :bar => { :baz => :foo } }
   # @proxy_options[:conditions] = [ 'foos_bazzes.attr = :foos_bazzes__id_0', { :foos_bazzes__id_0 => 1 } ]+
   #
-  class ObligationScope < ActiveRecord::NamedScope::Scope
+  class ObligationScope < (Rails.version < "3" ? ActiveRecord::NamedScope::Scope : ActiveRecord::Relation)
     def initialize (model, options)
       @finder_options = {}
-      super(model, options)
+      if Rails.version < "3"
+        super(model, options)
+      else
+	super(model, model.table_name)
+      end
     end
 
     def scope
@@ -342,4 +346,4 @@ module Authorization
       end
     end
   end
-end
+end

data/lib/declarative_authorization/reader.rb

@@ -35,6 +35,8 @@ module Authorization
   # * PrivilegesReader#includes
   #
   module Reader
+    # Signals that the specified file to load was not found.
+    class DSLFileNotFoundError < Exception; end
     # Signals errors that occur while reading and parsing an authorization DSL
     class DSLError < Exception; end
     # Signals errors in the syntax of an authorization DSL.
@@ -53,6 +55,19 @@ module Authorization
         @auth_rules_reader = AuthorizationRulesReader.new
       end
 
+      # ensures you get back a DSLReader
+      # if you provide a:
+      #   DSLReader - you will get it back.
+      #   String or Array - it will treat it as if you have passed a path or an array of paths and attempt to load those.
+      def self.factory(obj)
+        case obj
+        when Reader::DSLReader
+          obj
+        when String, Array
+          load(obj)
+        end
+      end
+
       # Parses a authorization DSL specification from the string given
       # in +dsl_data+.  Raises DSLSyntaxError if errors occur on parsing.
       def parse (dsl_data, file_name = nil)
@@ -71,7 +86,11 @@ module Authorization
         reader = new
         dsl_files = [dsl_files].flatten
         dsl_files.each do |file|
-          reader.parse(File.read(file), file) if File.exist?(file)
+          begin
+            reader.parse(File.read(file), file)
+          rescue SystemCallError
+            raise ::Authorization::Reader::DSLFileNotFoundError, "Error reading authorization rules file with path '#{file}'!  Please ensure it exists and that it is accessible."
+          end
         end
         reader
       end
@@ -249,8 +268,13 @@ module Authorization
           @current_rule = nil
         end
       end
-      
+
+      # Removes any permission checks for the current role.
+      #   role :admin
+      #     has_omnipotence
+      #   end
       def has_omnipotence
+        raise DSLError, "has_omnipotence only allowed in role blocks" if @current_role.nil?
         @omnipotent_roles << @current_role
       end
 

data/test/authorization_test.rb

@@ -900,7 +900,7 @@ class AuthorizationTest < Test::Unit::TestCase
       end
     }
     engine = Authorization::Engine.new(reader)
-    assert_raise Authorization::AuthorizationUsageError do
+    assert_raise RuntimeError do
       engine.permit?(:test, :context => :permissions,
                      :user => MockUser.new(:test_role),
                      :object => MockDataObject.new(:test_attrs => [1, 2, 3]))

data/test/dsl_reader_test.rb

@@ -154,4 +154,20 @@ class DSLReaderTest < Test::Unit::TestCase
       }
     end
   end
+
+  def test_factory_returns_self
+    reader = Authorization::Reader::DSLReader.new
+    assert_equal(Authorization::Reader::DSLReader.factory(reader).object_id, reader.object_id)
+  end
+
+  def test_factory_loads_file
+    reader = Authorization::Reader::DSLReader.factory((DA_ROOT + "authorization_rules.dist.rb").to_s)
+    assert_equal(Authorization::Reader::DSLReader, reader.class)
+  end
+
+  def test_load_file_not_found
+    assert_raise(Authorization::Reader::DSLFileNotFoundError) do
+      Authorization::Reader::DSLReader.load("nonexistent_file.rb")
+    end
+  end
 end

data/test/helper_test.rb

@@ -99,6 +99,7 @@ class HelperTest < ActionController::TestCase
     
     assert has_role?(:test_role)
     assert !has_role?(:test_role2)
+    assert !has_role?(:test_role, :test_role2)
     
     block_evaled = false
     has_role?(:test_role) do

data/test/test_helper.rb

@@ -1,4 +1,5 @@
 require 'test/unit'
+require 'pathname'
 
 unless defined?(RAILS_ROOT)
   RAILS_ROOT = ENV['RAILS_ROOT'] ?
@@ -6,11 +7,6 @@ unless defined?(RAILS_ROOT)
       File.join(File.dirname(__FILE__), %w{.. .. .. ..})
 end
 
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization rails_legacy})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization authorization})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization in_controller})
-require File.join(File.dirname(__FILE__), %w{.. lib declarative_authorization maintenance})
-
 unless defined?(ActiveRecord)
   if File.directory? RAILS_ROOT + '/config'
     puts 'Using config/boot.rb'
@@ -18,11 +14,11 @@ unless defined?(ActiveRecord)
     require File.join(RAILS_ROOT, 'config', 'environment.rb')
   else
     # simply use installed gems if available
-    version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : nil
+    version_requirement = ENV['RAILS_VERSION'] ? "= #{ENV['RAILS_VERSION']}" : "> 2.1.0"
     puts "Using Rails from RubyGems (#{version_requirement || "default"})"
     require 'rubygems'
     %w{actionpack activerecord activesupport rails}.each do |gem_name|
-      gem gem_name, version_requirement || "> 2.1.0"
+      gem gem_name, version_requirement
     end
   end
 
@@ -31,6 +27,13 @@ unless defined?(ActiveRecord)
   end
 end
 
+DA_ROOT = Pathname.new(File.expand_path("..", File.dirname(__FILE__)))
+
+require DA_ROOT + File.join(%w{lib declarative_authorization rails_legacy})
+require DA_ROOT + File.join(%w{lib declarative_authorization authorization})
+require DA_ROOT + File.join(%w{lib declarative_authorization in_controller})
+require DA_ROOT + File.join(%w{lib declarative_authorization maintenance})
+
 begin
   require 'ruby-debug'
 rescue MissingSourceFile; end
@@ -110,9 +113,18 @@ class MocksController < ActionController::Base
   end
 end
 
-ActionController::Routing::Routes.draw do |map|
-  map.connect ':controller/:action/:id'
+if Rails.version < "3"
+  ActionController::Routing::Routes.draw do |map|
+    map.connect ':controller/:action/:id'
+  end
+else
+  Rails::Application.routes.draw do
+    match '/name/spaced_things(/:action)' => 'name/spaced_things'
+    match '/deep/name_spaced/things(/:action)' => 'deep/name_spaced/things'
+    match '/:controller(/:action(/:id))'
+  end
 end
+
 ActionController::Base.send :include, Authorization::AuthorizationInController
 if Rails.version < "3"
   require "action_controller/test_process"
@@ -131,4 +143,10 @@ class Test::Unit::TestCase
     end
     get action, params
   end
+
+  unless Rails.version < "3"
+    def setup
+      @routes = Rails::Application.routes
+    end
+  end
 end

metadata

@@ -6,8 +6,8 @@ version: !ruby/object:Gem::Version
   - 0
   - 4
   - 1
-  - 2
-  version: 0.4.1.2
+  - 3
+  version: 0.4.1.3
 platform: ruby
 authors: 
 - Steffen Bartsch
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-03-24 00:00:00 -06:00
+date: 2010-04-27 00:00:00 -06:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency