tuersteher 0.3.4 → 0.4.0

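--- a/data/VERSION
+++ b/data/VERSION
@@ -1 +1 @@
- 0.3.4
+ 0.4.0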
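--- a/data/lib/tuersteher.rb
+++ b/data/lib/tuersteher.rb
@@ -30,6 +30,7 @@ module Tuersteher
  end
  end
 
+
  class AccessRulesStorage
  include Singleton
 
@@ -89,9 +90,17 @@ module Tuersteher
  # path: :all fuer beliebig, sonst String mit der http-path beginnen muss,
  # wird als RegEX-Ausdruck ausgewertet
  def path url_path
- rule = PathAccessRule.new(url_path)
- @path_rules << rule
- rule
+ if block_given?
+ @current_rule_class = PathAccessRule
+ @current_rule_init = url_path
+ @current_rule_storage = @path_rules
+ yield
+ @current_rule_class = @current_rule_init = nil
+ else
+ rule = PathAccessRule.new(url_path)
+ @path_rules << rule
+ rule
+ end
  end
 
 
@@ -100,9 +109,11 @@ module Tuersteher
  # model_class: Model-Klassenname oder :all fuer alle
  def model model_class
  if block_given?
- @current_model_class = model_class
+ @current_rule_class = ModelAccessRule
+ @current_rule_init = model_class
+ @current_rule_storage = @model_rules
  yield
- @current_model_class = nil
+ @current_rule_class = @current_rule_init = @current_rule_storage = nil
  else
  rule = ModelAccessRule.new(model_class)
  @model_rules << rule
@@ -113,16 +124,15 @@ module Tuersteher
  # create new rule as grant-rule
  # and add this to the model_rules array
  def grant
- rule = ModelAccessRule.new(@current_model_class)
- @model_rules << rule
+ rule = @current_rule_class.new(@current_rule_init)
+ @current_rule_storage << rule
  rule.grant
  end
 
  # create new rule as deny-rule
  # and add this to the model_rules array
  def deny
- rule = ModelAccessRule.new(@current_model_class)
- @model_rules << rule
+ rule = grant
  rule.deny
  end
 
@@ -332,6 +342,7 @@ module Tuersteher
 
  def initialize
  @roles = []
+ @access_method = :all
  end
 
  # add role
@@ -367,6 +378,13 @@ module Tuersteher
  @deny
  end
 
+ # set methode for access
+ # access_method Name of Methode for access as Symbol
+ def method(access_method)
+ @access_method = access_method
+ self
+ end
+
  # negate role-membership
  def not
  @not = true
@@ -385,6 +403,11 @@ module Tuersteher
  false
  end
 
+ def grant_access_method? method
+ return true if @access_method==:all
+ @access_method == method
+ end
+
  end # of BaseAccessRule
 
 
@@ -392,7 +415,6 @@ module Tuersteher
 
  METHOD_NAMES = [:get, :edit, :put, :delete, :post, :all].freeze
 
-
  # Zugriffsregel
  #
  # path :all fuer beliebig, sonst String mit der http-path beginnen muss
@@ -411,14 +433,13 @@ module Tuersteher
  @path = /^#{path}/
  end
  end
- @http_method = :all
  end
 
  # set http-methode
  # http_method http-Method, allowed is :get, :put, :delete, :post, :all
  def method(http_method)
  raise "wrong method '#{http_method}'! Must be #{METHOD_NAMES.join(', ')} !" unless METHOD_NAMES.include?(http_method)
- @http_method = http_method
+ super
  self
  end
 
@@ -438,10 +459,7 @@ module Tuersteher
  return false
  end
 
- if @http_method!=:all && @http_method != method
- return false
- end
-
+ return false unless grant_access_method?(method)
  return false unless grant_role?(user)
  return false unless grant_extension?(user)
 
@@ -450,7 +468,7 @@ module Tuersteher
 
 
  def to_s
- s = "PathAccesRule[#{@deny ? 'DENY ' : ''}#{@path}, #{@http_method}, #{@roles.join(' ')}"
+ s = "PathAccesRule[#{@deny ? 'DENY ' : ''}#{@path}, #{@access_method}, #{@roles.join(' ')}"
  s << " #{@check_extensions.inspect}" if @check_extensions
  s << ']'
  s
@@ -501,11 +519,6 @@ module Tuersteher
  @clazz = clazz.instance_of?(Symbol) ? clazz : clazz.to_s
  end
 
- # set the permission-name
- def permission permission_name
- @permission = permission_name
- self
- end
 
  # liefert true, wenn zugriff fuer das angegebene model mit
  # der Zugriffsart perm für das security_object hat
@@ -518,7 +531,7 @@ module Tuersteher
  # *roles ist dabei eine Array aus Symbolen
  #
  #
- def fired? model, perm, user
+ def fired? model, access_method, user
  user = nil if user==:false # manche Authenticate-System setzen den user auf :false
  m_class = model.instance_of?(Class) ? model : model.class
  if @clazz!=m_class.to_s && @clazz!=:all
@@ -526,18 +539,14 @@ module Tuersteher
  return false
  end
 
- if @permission!=:all && @permission!=perm
- #Tuersteher::TLogger.logger.debug("#{to_s}.has_access? => false why #{@access_type}!=:all && #{@access_type}!=#{perm}")
- return false
- end
-
+ return false unless grant_access_method?(access_method)
  return false unless grant_role?(user)
  return false unless grant_extension?(user, model)
  true
  end
 
  def to_s
- s = "ModelAccessRule[#{@deny ? 'DENY ' : ''}#{@clazz}, #{@permission}, #{@roles.join(' ')}"
+ s = "ModelAccessRule[#{@deny ? 'DENY ' : ''}#{@clazz}, #{@access_method}, #{@roles.join(' ')}"
  s << " #{@check_extensions.inspect}" if @check_extensions
  s << ']'
  s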
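Review bot: The block branch added to `path` clears only `@current_rule_class` and `@current_rule_init` after `yield`, while the matching branch in `model` also clears `@current_rule_storage`, and neither branch resets anything if the block raises. That leftover context is exactly what `grant` and `deny` read, so if an exception from a rule block is rescued further up, a later bare `grant` could attach a rule to the previous path or model instead of failing. I would move the reset into an `ensure` around the `yield` in both methods and use the same line in each: `@current_rule_class = @current_rule_init = @current_rule_storage = nil`. The comments above `grant` and `deny` still say the rule is added to the model_rules array; it now goes to whichever storage the enclosing block selected, so `# and add this to the storage of the enclosing path/model block` would be accurate. The bodies of `model` and of the rule classes continue outside the visible hunks.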
@@ -22,22 +22,22 @@ path('/special').grant.extension(:special?, :area1)
22
22
  #
23
23
  # Model-Object-Zugriffsregeln
24
24
  # Aufbau:
25
- # model(<ModelClass>).grant.permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
25
+ # model(<ModelClass>).grant.method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
26
26
  # or
27
- # model(<ModelClass>).deny.permission(<permission>)[.not][.role(<role>)][.extension(<method>[, <expected_value>])]
27
+ # model(<ModelClass>).deny.method(<access-method>)[.not][.role(<role>)][.extension(<method>[, <expected_value>])]
28
28
  # or
29
29
  # model(<ModelClass> do
30
- # grant..permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
31
- # deny.permission(<permission>)[.role(<role>)][.extension(<method>[, <expected_value>])]
30
+ # grant..method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
31
+ # deny.method(<access-method>)[.role(<role>)][.extension(<method>[, <expected_value>])]
32
32
  # ...
33
33
  # end
34
34
 
35
35
 
36
- model(Dashboard).grant.permission(:view)
36
+ model(Dashboard).grant.method(:view)
37
37
 
38
38
  model(Todo) do
39
- grant.permission(:view)
40
- grant.permission(:full_view).role(:ADMIN)
41
- grant.permission(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
42
- grant-permission(:delete).not.role(:ADMIN)
39
+ grant.method(:view)
40
+ grant.method(:full_view).role(:ADMIN)
41
+ grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
42
+ grant-method(:delete).not.role(:ADMIN)
43
43
  end
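Review bot: The renamed line `grant-method(:delete).not.role(:ADMIN)` inside the `model(Todo)` block is not a method chain: Ruby reads the `-` as subtraction, so `grant` runs on its own and the `:delete` restriction is never applied to the rule it creates. It should read `grant.method(:delete).not.role(:ADMIN)`, and the comment a few lines up has the same kind of slip in `grant..method(<access-method>)`. Because this is a sample that gets copied into real rule files, it is also worth confirming that granting `:delete` to every role except `:ADMIN` is the intended example; if the opposite was meant, `deny.method(:delete).not.role(:ADMIN)` expresses it.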
@@ -11,7 +11,7 @@ class ApplicationController < ActionController::Base
11
11
  # This is here a dummy Stub-Implementation
12
12
  def current_user
13
13
  user = Object.new
14
- def user.has_role?(*roles)
14
+ def user.has_role?(role)
15
15
  true
16
16
  end
17
17
  user
@@ -13,12 +13,16 @@ module Tuersteher
13
13
  path('/').grant.method(:get)
14
14
  path(:all).grant.role(:ADMIN)
15
15
  path('/special').grant.extension(:special?, :area1)
16
+ path('/pictures') do
17
+ grant.role(:admin)
18
+ deny.role(:guest)
19
+ end
16
20
 
17
- model(Dashboard).grant.permission(:view)
21
+ model(Dashboard).grant.method(:view)
18
22
  model(Todo) do
19
- grant.permission(:view)
20
- grant.permission(:full_view).role(:ADMIN)
21
- grant.permission(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
23
+ grant.method(:view)
24
+ grant.method(:full_view).role(:ADMIN)
25
+ grant.method(:update).role(:EDITOR).extension(:owned_by?) # calls Todo.owned_by?(current_user)
22
26
  end
23
27
  EOR
24
28
  AccessRulesStorage.instance.eval_rules rule_defs
@@ -26,11 +30,11 @@ end
26
30
  @model_rules = AccessRulesStorage.instance.model_rules
27
31
  end
28
32
 
29
- it "should have 3 path-rules" do
30
- @path_rules.should have(3).items
33
+ specify do
34
+ @path_rules.should have(5).items
31
35
  end
32
36
 
33
- it "should have 4 model-rules" do
37
+ specify do
34
38
  @model_rules.should have(4).items
35
39
  end
36
40
 
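Review bot: The two rewritten examples only count rules, and `specify do` drops the descriptions the old `it` lines carried, so a failure no longer says what was expected. Nothing here checks that the rules created inside `path('/pictures') do` carry the `/pictures` path, that the second one is a deny rule, or that a rule declared after the block is unaffected; since `deny` is now built on top of `grant`, a deny that silently stayed a grant would still satisfy `have(5).items`. I would keep the descriptions, e.g. `it "should have 5 path-rules" do`, and add one example that inspects the last two path rules. The `before` block and the rule heredoc start outside this hunk.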
@@ -92,11 +92,11 @@ module Tuersteher
92
92
 
93
93
  before do
94
94
  rules = [
95
- ModelAccessRule.new(SampleModel1).grant.permission(:all),
96
- ModelAccessRule.new(SampleModel2).grant.permission(:read),
97
- ModelAccessRule.new(SampleModel2).grant.permission(:update).role(:user).extension(:owner?),
98
- ModelAccessRule.new(SampleModel2).deny.permission(:create),
99
- ModelAccessRule.new(SampleModel2).grant.permission(:all).role(:admin),
95
+ ModelAccessRule.new(SampleModel1).grant.method(:all),
96
+ ModelAccessRule.new(SampleModel2).grant.method(:read),
97
+ ModelAccessRule.new(SampleModel2).grant.method(:update).role(:user).extension(:owner?),
98
+ ModelAccessRule.new(SampleModel2).deny.method(:create),
99
+ ModelAccessRule.new(SampleModel2).grant.method(:all).role(:admin),
100
100
  ]
101
101
  AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
102
102
  @user = stub('user')
@@ -143,12 +143,12 @@ module Tuersteher
143
143
  end
144
144
 
145
145
  context "without user" do
146
- it "should be true for this paths" do
146
+ it "should be true for this models" do
147
147
  AccessRules.model_access?(nil, @model1, :xyz).should be_true
148
148
  AccessRules.model_access?(nil, @model2, :read).should be_true
149
149
  end
150
150
 
151
- it "should not be true for this paths" do
151
+ it "should not be true for this models" do
152
152
  AccessRules.model_access?(nil, @model2, :update).should_not be_true
153
153
  end
154
154
  end
@@ -164,8 +164,8 @@ module Tuersteher
164
164
 
165
165
  before do
166
166
  rules = [
167
- ModelAccessRule.new(SampleModel).permission(:update).role(:admin),
168
- ModelAccessRule.new(SampleModel).permission(:update).role(:user).extension(:owner?),
167
+ ModelAccessRule.new(SampleModel).method(:update).role(:admin),
168
+ ModelAccessRule.new(SampleModel).method(:update).role(:user).extension(:owner?),
169
169
  ]
170
170
  AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
171
171
  @user = stub('user')
@@ -6,7 +6,7 @@ module Tuersteher
6
6
 
7
7
  context "grant without user" do
8
8
  before do
9
- @rule = ModelAccessRule.new(String).grant.permission(:all)
9
+ @rule = ModelAccessRule.new(String).grant.method(:all)
10
10
  end
11
11
 
12
12
  it "should fired without user" do
@@ -23,7 +23,7 @@ module Tuersteher
23
23
  context "grant with roles" do
24
24
 
25
25
  before(:all) do
26
- @rule = ModelAccessRule.new(String).grant.permission(:read).role(:sysadmin).role(:admin)
26
+ @rule = ModelAccessRule.new(String).grant.method(:read).role(:sysadmin).role(:admin)
27
27
  end
28
28
 
29
29
  context "for User with role :admin" do
@@ -40,7 +40,7 @@ module Tuersteher
40
40
  @rule.fired?(12345, :read, @user).should_not be_true
41
41
  end
42
42
 
43
- it "should not be fired for String-Object and other access-type as :read" do
43
+ it "should not be fired for String-Object and other access-method as :read" do
44
44
  @rule.fired?("test", :delete, @user).should_not be_true
45
45
  end
46
46
  end
@@ -60,7 +60,7 @@ module Tuersteher
60
60
 
61
61
  context "deny with not.role" do
62
62
  before(:all) do
63
- @rule = ModelAccessRule.new(String).deny.permission(:append).not.role(:admin)
63
+ @rule = ModelAccessRule.new(String).deny.method(:append).not.role(:admin)
64
64
  @user = stub('user')
65
65
  end
66
66
 
@@ -14,7 +14,7 @@ module Tuersteher
14
14
 
15
15
 
16
16
  before do
17
- rules = [ModelAccessRule.new(SampleModel).grant.permission(:deactived).role(:admin)]
17
+ rules = [ModelAccessRule.new(SampleModel).grant.method(:deactived).role(:admin)]
18
18
  AccessRulesStorage.instance.stub(:model_rules).and_return(rules)
19
19
  @user = stub('user')
20
20
  Thread.current[:user] = @user
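--- a/data/tuersteher.gemspec
+++ b/data/tuersteher.gemspec
@@ -5,11 +5,11 @@
 
  Gem::Specification.new do |s|
  s.name = %q{tuersteher}
- s.version = "0.3.4"
+ s.version = "0.4.0"
 
  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
  s.authors = ["Bernd Ledig"]
- s.date = %q{2010-09-01}
+ s.date = %q{2010-09-04}
  s.description = %q{Security-Layer for Rails-Application acts like a firewall.}
  s.email = %q{bernd@ledig.info}
  s.extra_rdoc_files = [
@@ -41,12 +41,12 @@ Gem::Specification.new do |s|
  s.rubygems_version = %q{1.3.7}
  s.summary = %q{Security-Layer for Rails-Application}
  s.test_files = [
- "spec/path_access_rule_spec.rb",
- "spec/model_access_rule_spec.rb",
+ "spec/spec_helper.rb",
  "spec/model_extensions_spec.rb",
- "spec/acces_rules_storage_spec.rb",
- "spec/spec_helper.rb",
- "spec/access_rules_spec.rb"
+ "spec/access_rules_spec.rb",
+ "spec/path_access_rule_spec.rb",
+ "spec/model_access_rule_spec.rb",
+ "spec/acces_rules_storage_spec.rb"
  ]
 
  if s.respond_to? :specification_version then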
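--- a/metadata
+++ b/metadata
@@ -1,13 +1,13 @@
  --- !ruby/object:Gem::Specification
  name: tuersteher
  version: !ruby/object:Gem::Version
- hash: 27
+ hash: 15
  prerelease: false
  segments:
  - 0
- - 3
  - 4
- version: 0.3.4
+ - 0
+ version: 0.4.0
  platform: ruby
  authors:
  - Bernd Ledig
@@ -15,7 +15,7 @@ autorequire:
  bindir: bin
  cert_chain: []
 
- date: 2010-09-01 00:00:00 +02:00
+ date: 2010-09-04 00:00:00 +02:00
  default_executable:
  dependencies: []
 
@@ -81,9 +81,9 @@ signing_key:
  specification_version: 3
  summary: Security-Layer for Rails-Application
  test_files:
+ - spec/spec_helper.rb
+ - spec/model_extensions_spec.rb
+ - spec/access_rules_spec.rb
  - spec/path_access_rule_spec.rb
  - spec/model_access_rule_spec.rb
- - spec/model_extensions_spec.rb
  - spec/acces_rules_storage_spec.rb
- - spec/spec_helper.rb
- - spec/access_rules_spec.rb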