tuersteher 0.3.4 → 0.4.0

data/VERSION

@@ -1 +1 @@
-0.3.4
+0.4.0

data/lib/tuersteher.rb

@@ -30,6 +30,7 @@ module Tuersteher
     end
   end
 
+
   class AccessRulesStorage
     include Singleton
 
@@ -89,9 +90,17 @@ module Tuersteher
     # path:            :all fuer beliebig, sonst String mit der http-path beginnen muss,
     #                  wird als RegEX-Ausdruck ausgewertet
     def path url_path
-      rule = PathAccessRule.new(url_path)
-      @path_rules << rule
-      rule
+      if block_given?
+        @current_rule_class = PathAccessRule
+        @current_rule_init = url_path
+        @current_rule_storage = @path_rules
+        yield
+        @current_rule_class = @current_rule_init = nil
+      else
+        rule = PathAccessRule.new(url_path)
+        @path_rules << rule
+        rule
+      end
     end
 
     
@@ -100,9 +109,11 @@ module Tuersteher
     # model_class:  Model-Klassenname oder :all fuer alle
     def model model_class
       if block_given?
-        @current_model_class = model_class
+        @current_rule_class = ModelAccessRule
+        @current_rule_init = model_class
+        @current_rule_storage = @model_rules
         yield
-        @current_model_class = nil
+        @current_rule_class = @current_rule_init = @current_rule_storage = nil
       else
         rule = ModelAccessRule.new(model_class)
         @model_rules << rule
@@ -113,16 +124,15 @@ module Tuersteher
     # create new rule as grant-rule
     # and add this to the model_rules array
     def grant
-      rule = ModelAccessRule.new(@current_model_class)
-      @model_rules << rule
+      rule = @current_rule_class.new(@current_rule_init)
+      @current_rule_storage << rule
       rule.grant
     end
 
     # create new rule as deny-rule
     # and add this to the model_rules array
     def deny
-      rule = ModelAccessRule.new(@current_model_class)
-      @model_rules << rule
+      rule = grant
       rule.deny
     end
 
@@ -332,6 +342,7 @@ module Tuersteher
 
     def initialize
       @roles = []
+      @access_method = :all
     end
 
     # add role
@@ -367,6 +378,13 @@ module Tuersteher
       @deny
     end
 
+    # set methode for access
+    # access_method        Name of Methode for access as Symbol
+    def method(access_method)
+      @access_method = access_method
+      self
+    end
+
     # negate role-membership
     def not
       @not = true
@@ -385,6 +403,11 @@ module Tuersteher
       false
     end
 
+    def grant_access_method? method
+      return true if @access_method==:all
+      @access_method == method
+    end
+
   end # of BaseAccessRule
 
 
@@ -392,7 +415,6 @@ module Tuersteher
 
     METHOD_NAMES = [:get, :edit, :put, :delete, :post, :all].freeze
 
-
     # Zugriffsregel
     #
     # path          :all fuer beliebig, sonst String mit der http-path beginnen muss
@@ -411,14 +433,13 @@ module Tuersteher
           @path = /^#{path}/
         end
       end
-      @http_method = :all
     end
 
     # set http-methode
     # http_method        http-Method, allowed is :get, :put, :delete, :post, :all
     def method(http_method)
       raise "wrong method '#{http_method}'! Must be #{METHOD_NAMES.join(', ')} !" unless METHOD_NAMES.include?(http_method)
-      @http_method = http_method
+      super
       self
     end
 
@@ -438,10 +459,7 @@ module Tuersteher
         return false
       end
 
-      if @http_method!=:all && @http_method != method
-        return false
-      end
-
+      return false unless grant_access_method?(method)
       return false unless grant_role?(user)
       return false unless grant_extension?(user)
 
@@ -450,7 +468,7 @@ module Tuersteher
 
 
     def to_s
-      s = "PathAccesRule[#{@deny ? 'DENY ' : ''}#{@path}, #{@http_method}, #{@roles.join(' ')}"
+      s = "PathAccesRule[#{@deny ? 'DENY ' : ''}#{@path}, #{@access_method}, #{@roles.join(' ')}"
       s << " #{@check_extensions.inspect}" if @check_extensions
       s << ']'
       s
@@ -501,11 +519,6 @@ module Tuersteher
       @clazz = clazz.instance_of?(Symbol) ? clazz : clazz.to_s
     end
 
-    # set the permission-name
-    def permission permission_name
-      @permission = permission_name
-      self
-    end
 
     # liefert true, wenn zugriff fuer das angegebene model mit
     # der Zugriffsart perm für das security_object hat
@@ -518,7 +531,7 @@ module Tuersteher
     # *roles ist dabei eine Array aus Symbolen
     #
     #
-    def fired? model, perm, user
+    def fired? model, access_method, user
       user = nil if user==:false # manche Authenticate-System setzen den user auf :false
       m_class = model.instance_of?(Class) ? model : model.class
       if @clazz!=m_class.to_s && @clazz!=:all
@@ -526,18 +539,14 @@ module Tuersteher
         return false
       end
 
-      if @permission!=:all && @permission!=perm
-        #Tuersteher::TLogger.logger.debug("#{to_s}.has_access? => false why #{@access_type}!=:all && #{@access_type}!=#{perm}")
-        return false
-      end
-
+      return false unless grant_access_method?(access_method)
       return false unless grant_role?(user)
       return false unless grant_extension?(user, model)
       true
     end
 
     def to_s
-      s = "ModelAccessRule[#{@deny ? 'DENY ' : ''}#{@clazz}, #{@permission}, #{@roles.join(' ')}"
+      s = "ModelAccessRule[#{@deny ? 'DENY ' : ''}#{@clazz}, #{@access_method}, #{@roles.join(' ')}"
       s << " #{@check_extensions.inspect}" if @check_extensions
       s << ']'
       s

data/samples/access_rules.rb

@@ -22,22 +22,22 @@ path('/special').grant.extension(:special?, :area1)
 #
 # Model-Object-Zugriffsregeln
 # Aufbau:
-#   model(<ModelClass>).grant.permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
+#   model(<ModelClass>).grant.method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
 # or
-#   model(<ModelClass>).deny.permission(<permission>)[.not][.role(<role>)][.extension(<method>[, <expected_value>])]
+#   model(<ModelClass>).deny.method(<access-method>)[.not][.role(<role>)][.extension(<method>[, <expected_value>])]
 # or
 #   model(<ModelClass> do
-#     grant..permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
-#     deny.permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
+#     grant..method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
+#     deny.method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
 #     ...
 #   end
 
 
-model(Dashboard).grant.permission(:view)
+model(Dashboard).grant.method(:view)
 
 model(Todo) do
-  grant.permission(:view)
-  grant.permission(:full_view).role(:ADMIN)
-  grant.permission(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
-  grant-permission(:delete).not.role(:ADMIN)
+  grant.method(:view)
+  grant.method(:full_view).role(:ADMIN)
+  grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
+  grant-method(:delete).not.role(:ADMIN)
 end

data/samples/application_controller.rb

@@ -11,7 +11,7 @@ class ApplicationController  < ActionController::Base
   # This is here a dummy Stub-Implementation
   def current_user
     user = Object.new
-    def user.has_role?(*roles)
+    def user.has_role?(role)
       true
     end
     user

data/spec/acces_rules_storage_spec.rb

@@ -13,12 +13,16 @@ module Tuersteher
 path('/').grant.method(:get)
 path(:all).grant.role(:ADMIN)
 path('/special').grant.extension(:special?, :area1)
+path('/pictures') do
+  grant.role(:admin)
+  deny.role(:guest)
+end
 
-model(Dashboard).grant.permission(:view)
+model(Dashboard).grant.method(:view)
 model(Todo) do
-  grant.permission(:view)
-  grant.permission(:full_view).role(:ADMIN)
-  grant.permission(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
+  grant.method(:view)
+  grant.method(:full_view).role(:ADMIN)
+  grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
 end
         EOR
         AccessRulesStorage.instance.eval_rules rule_defs
@@ -26,11 +30,11 @@ end
         @model_rules = AccessRulesStorage.instance.model_rules
       end
 
-      it "should have 3 path-rules" do
-        @path_rules.should have(3).items
+      specify do
+        @path_rules.should have(5).items
       end
 
-      it "should have 4 model-rules" do
+      specify do
         @model_rules.should have(4).items
       end
 

data/spec/access_rules_spec.rb

@@ -92,11 +92,11 @@ module Tuersteher
 
       before do
         rules = [
-          ModelAccessRule.new(SampleModel1).grant.permission(:all),
-          ModelAccessRule.new(SampleModel2).grant.permission(:read),
-          ModelAccessRule.new(SampleModel2).grant.permission(:update).role(:user).extension(:owner?),
-          ModelAccessRule.new(SampleModel2).deny.permission(:create),
-          ModelAccessRule.new(SampleModel2).grant.permission(:all).role(:admin),
+          ModelAccessRule.new(SampleModel1).grant.method(:all),
+          ModelAccessRule.new(SampleModel2).grant.method(:read),
+          ModelAccessRule.new(SampleModel2).grant.method(:update).role(:user).extension(:owner?),
+          ModelAccessRule.new(SampleModel2).deny.method(:create),
+          ModelAccessRule.new(SampleModel2).grant.method(:all).role(:admin),
         ]
         AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
         @user = stub('user')
@@ -143,12 +143,12 @@ module Tuersteher
       end
 
       context "without user" do
-        it "should be true for this paths" do
+        it "should be true for this models" do
           AccessRules.model_access?(nil, @model1, :xyz).should be_true
           AccessRules.model_access?(nil, @model2, :read).should be_true
         end
 
-        it "should not be true for this paths" do
+        it "should not be true for this models" do
           AccessRules.model_access?(nil, @model2, :update).should_not be_true
         end
       end
@@ -164,8 +164,8 @@ module Tuersteher
 
       before do
         rules = [
-          ModelAccessRule.new(SampleModel).permission(:update).role(:admin),
-          ModelAccessRule.new(SampleModel).permission(:update).role(:user).extension(:owner?),
+          ModelAccessRule.new(SampleModel).method(:update).role(:admin),
+          ModelAccessRule.new(SampleModel).method(:update).role(:user).extension(:owner?),
         ]
         AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
         @user = stub('user')

data/spec/model_access_rule_spec.rb

@@ -6,7 +6,7 @@ module Tuersteher
 
     context "grant without user" do
       before do
-        @rule = ModelAccessRule.new(String).grant.permission(:all)
+        @rule = ModelAccessRule.new(String).grant.method(:all)
       end
 
       it "should fired without user" do
@@ -23,7 +23,7 @@ module Tuersteher
     context "grant with roles" do
 
       before(:all) do
-        @rule = ModelAccessRule.new(String).grant.permission(:read).role(:sysadmin).role(:admin)
+        @rule = ModelAccessRule.new(String).grant.method(:read).role(:sysadmin).role(:admin)
       end
 
       context "for User with role :admin" do
@@ -40,7 +40,7 @@ module Tuersteher
           @rule.fired?(12345, :read, @user).should_not be_true
         end
 
-        it "should not be fired for String-Object and other access-type as :read" do
+        it "should not be fired for String-Object and other access-method as :read" do
           @rule.fired?("test", :delete, @user).should_not be_true
         end
       end
@@ -60,7 +60,7 @@ module Tuersteher
 
     context "deny with not.role" do
       before(:all) do
-        @rule = ModelAccessRule.new(String).deny.permission(:append).not.role(:admin)
+        @rule = ModelAccessRule.new(String).deny.method(:append).not.role(:admin)
         @user = stub('user')
       end
 

data/spec/model_extensions_spec.rb

@@ -14,7 +14,7 @@ module Tuersteher
 
 
     before do
-      rules = [ModelAccessRule.new(SampleModel).grant.permission(:deactived).role(:admin)]
+      rules = [ModelAccessRule.new(SampleModel).grant.method(:deactived).role(:admin)]
       AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
       @user = stub('user')
       Thread.current[:user] = @user

data/tuersteher.gemspec

@@ -5,11 +5,11 @@
 
 Gem::Specification.new do |s|
   s.name = %q{tuersteher}
-  s.version = "0.3.4"
+  s.version = "0.4.0"
 
   s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
   s.authors = ["Bernd Ledig"]
-  s.date = %q{2010-09-01}
+  s.date = %q{2010-09-04}
   s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
   s.email = %q{bernd@ledig.info}
   s.extra_rdoc_files = [
@@ -41,12 +41,12 @@ Gem::Specification.new do |s|
   s.rubygems_version = %q{1.3.7}
   s.summary = %q{Security-Layer for Rails-Application}
   s.test_files = [
-    "spec/path_access_rule_spec.rb",
-     "spec/model_access_rule_spec.rb",
+    "spec/spec_helper.rb",
      "spec/model_extensions_spec.rb",
-     "spec/acces_rules_storage_spec.rb",
-     "spec/spec_helper.rb",
-     "spec/access_rules_spec.rb"
+     "spec/access_rules_spec.rb",
+     "spec/path_access_rule_spec.rb",
+     "spec/model_access_rule_spec.rb",
+     "spec/acces_rules_storage_spec.rb"
   ]
 
   if s.respond_to? :specification_version then

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification 
 name: tuersteher
 version: !ruby/object:Gem::Version 
-  hash: 27
+  hash: 15
   prerelease: false
   segments: 
   - 0
-  - 3
   - 4
-  version: 0.3.4
+  - 0
+  version: 0.4.0
 platform: ruby
 authors: 
 - Bernd Ledig
@@ -15,7 +15,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2010-09-01 00:00:00 +02:00
+date: 2010-09-04 00:00:00 +02:00
 default_executable: 
 dependencies: []
 
@@ -81,9 +81,9 @@ signing_key:
 specification_version: 3
 summary: Security-Layer for Rails-Application
 test_files: 
+- spec/spec_helper.rb
+- spec/model_extensions_spec.rb
+- spec/access_rules_spec.rb
 - spec/path_access_rule_spec.rb
 - spec/model_access_rule_spec.rb
-- spec/model_extensions_spec.rb
 - spec/acces_rules_storage_spec.rb
-- spec/spec_helper.rb
-- spec/access_rules_spec.rb